Security News > 2024 > January > FBI disrupts Chinese botnet by wiping malware from infected routers
The FBI has disrupted the KV Botnet used by Chinese Volt Typhoon state hackers to evade detection during attacks targeting U.S. critical infrastructure.
Devices compromised and added to this botnet included Netgear ProSAFE, Cisco RV320s, and DrayTek Vigor routers, as well as Axis IP cameras, according to Lumen Technologies' Black Lotus Labs team, who first linked the malware to the Chinese threat group in December.
"The Volt Typhoon malware enabled China to hide, among other things, pre-operational reconnaissance and network exploitation against critical infrastructure like our communications, energy, transportation, and water sectors-steps China was taking, in other words, to find and prepare to destroy or degrade the civilian critical infrastructure that keeps us safe and prosperous," said FBI Director Christopher Wray.
Once in, FBI agents sent commands to the compromised devices to cut them off from the botnet and prevent the Chinese hackers from reconnecting them to the malicious network.
"The vast majority of routers that comprised the KV Botnet were Cisco and NetGear routers that were vulnerable because they had reached 'end of life' status; that is, they were no longer supported through their manufacturer's security patches or other software updates," a Justice Department press release explains.
"The court-authorized operation deleted the KV Botnet malware from the routers and took additional steps to sever their connection to the botnet, such as blocking communications with other devices used to control the botnet."
News URL
Related news
- Chinese botnet infects 260,000 SOHO routers, IP cameras with malware (source)
- FBI Shuts Down Chinese Botnet (source)
- Microsoft Warns of Chinese Botnet Exploiting Router Flaws for Credential Theft (source)
- Quad7 botnet targets more SOHO and VPN routers, media servers (source)
- Quad7 Botnet Expands to Target SOHO Routers and VPN Appliances (source)
- FBI boss says China 'burned down' 260,000-device botnet when confronted by Feds (source)
- FBI forced Flax Typhoon to abandon its botnet (source)
- Chinese Hackers Exploit GeoServer Flaw to Target APAC Nations with EAGLEDOOR Malware (source)
- Microsoft: Chinese hackers use Quad7 botnet to steal credentials (source)