Disrupted Volt Typhoon Botnet and Testimony on Preeminent Cyber Threat Posed by the PRC

Created: Thursday, February 1, 2024 - 14:36
Categories:
Cybersecurity, OT-ICS Security

In Tuesday’s Security & Resilience Update, WaterISAC shared breaking news from Reuters regarding the U.S. Disruption of Chinese Threats to Critical Infrastructure, including activity from the group tracked as Volt Typhoon. Yesterday, top U.S. officials confirmed that the U.S. disrupted a botnet run by the prolific Chinese government-aligned threat group. Officials also testified during a hearing held by the House Select Committee on the Chinese Communist Party. CISA Director Jen Easterly testified in her opening statement that “Chinese cyber actors, including a group known as ‘Volt Typhoon,’ are burrowing deep into our critical infrastructure to be ready to launch destructive cyber-attacks in the event of a major crisis or conflict with the United States.” Director Easterly’s statement also called for collective action from every critical infrastructure entity.

According to The Record, in a statement on Wednesday, the DOJ said Volt Typhoon had made a point of infecting privately owned home and office routers with the “KV Botnet” malware as a method of concealing other hacking activities conducted by the group — including the targeting of critical infrastructure. Subsequently, CISA and the FBI released a Secure by Design (SbD) alert, Security Design Improvements for SOHO Device Manufacturers. As is the nature of CISA’s SbD effort, this third publication places the onus on manufacturers to eliminate the path that threat actors—particularly the People’s Republic of China (PRC)-sponsored Volt Typhoon group—are taking to compromise small office/home office (SOHO) routers. For more hearing coverage, visit The Record.

Resources