CISA: Vendors must secure SOHO routers against Volt Typhoon attacks (Security News, January 2024)
CISA has urged manufacturers of small office/home office routers to ensure their devices' security against ongoing attacks attempting to hijack them, especially those coordinated by Chinese state-backed hacking group Volt Typhoon.
Threat actors are compromising many such devices, taking advantage of the sheer numbers of SOHO routers used by Americans and using them as launchpads in attacks targeting U.S. critical infrastructure organizations.
"CISA and FBI are urging SOHO router manufacturers to build security into the design, development, and maintenance of SOHO routers to eliminate the path these threat actors are taking to compromise these devices and use these devices as launching pads to further compromise U.S. critical infrastructure entities," the cybersecurity agency said.
The Volt Typhoon attacks targeting SOHO routers mentioned by CISA in today's alert likely refer to the KV-botnet malware, which was linked to the Chinese cyberspies in December and has been targeting such devices since at least August 2022.
Volt Typhoon is known for commonly targeting routers, firewalls, and VPN devices to proxy malicious traffic, blending it with legitimate traffic to evade detection during attacks.
Stealthy KV-botnet hijacks SOHO routers and VPN devices.