FBI confirms it issued remote kill command to blow out Volt Typhoon's botnet
2024-01-31 19:24

China's Volt Typhoon attackers used "hundreds" of outdated Cisco and Netgear routers infected with malware in an attempt to break into US critical infrastructure facilities, according to the Justice Department.

The Feds claim the Middle Kingdom keyboard warriors downloaded a virtual private network module to the vulnerable routers and set up an encrypted communication channel to control the botnet and hide their illegal activities.

Specifically: Volt Typhoon used the US-based routers and IP addresses to target US critical infrastructure, we're told.

The warrants allowed law enforcement to remotely install software on the routers to search for, and then seize or copy, information about the illicit activity before wiping the malware from the compromised devices.

To do this - and to limit the cops' search to routers infected with the botnet - the FBI sent specific KV Botnet commands to compromised routers to collect "non-content information about those nodes," according to the warrants.

This included each infected router's IP address and the ports it used to communicate with other nodes, the IP addresses and ports of each node's parent, and data on the command-and-control nodes.

News URL

https://go.theregister.com/feed/www.theregister.com/2024/01/31/volt_typhoon_botnet/