A Wake-Up Call for Securing Remote Employees’ Hardware

Update: Multiple U.S. and international government agencies released an advisory Feb. 7 detailing the Volt Typhoon attacks. The threat actors targeted and compromised the IT environments of U.S. communications, energy, transportation and water infrastructure in the continental U.S. as well as non-continental areas and territories, such as Guam.

Original article: State-sponsored hackers affiliated with China have targeted small office/home office routers in the U.S. in a wide-ranging botnet attack, Federal Bureau of Investigation Director Christopher Wray announced on Wednesday, Jan. 31. Most of the affected routers were manufactured by Cisco and NetGear and had reached end-of-life status.

Department of Justice investigators said on Jan. 31, 2024, that the malware had been deleted from the affected routers. The investigators also cut the routers off from the other devices used in the botnet.

IT teams need to know how to reduce cybersecurity risks that could stem from remote workers using outdated technology.

What is the Volt Typhoon botnet attack?

The cybersecurity threat in this case is a botnet created by Volt Typhoon, a group of attackers sponsored by the Chinese government.

Starting in May 2023, the FBI looked into a cyberattack campaign against critical infrastructure organizations. On Jan. 31, 2024, the FBI revealed that a December 2023 investigation into the same group of threat actors showed that attackers sponsored by the government of China had created a botnet using hundreds of privately owned routers across the U.S.

The attack was an attempt to create inroads into “communications, energy, transportation, and water sectors” in order to disrupt critical U.S. functions in the event of conflict between the countries, said Wray in the press release.

The attackers used a “living off the land” technique to blend in with the normal operation of the affected devices.

The FBI is contacting anyone whose equipment was affected by this specific attack. It hasn’t been confirmed whether…