Security News > 2024 > February > Chinese hackers fail to rebuild botnet after FBI takedown
Chinese Volt Typhoon state hackers failed to revive a botnet recently taken down by the FBI, which was previously used in attacks targeting critical infrastructure across the United States.
After obtaining a court order authorizing it to dismantle the botnet on December 6, FBI agents took control of one of its command-and-control servers and cut off the Chinese hackers' access to the infected devices.
Two days later, Volt Typhoon started scanning the Internet for more vulnerable devices to hijack and rebuild the dismantled botnet.
Despite their concerted efforts, Black Lotus Labs thwarted the Chinese hackers' attempts to revive the botnet by null-routing the attacker's entire C2 and payload server fleet over a month, between December 12 and January 12.
FBI disrupts Chinese botnet by wiping malware from infected routers.
Chinese hackers infect Dutch military network with malware.
News URL
Related news
- Chinese Hackers Target Linux Systems Using SNOWLIGHT Malware and VShell Tool (source)
- Chinese hackers target Russian govt with upgraded RAT malware (source)
- FBI seeks help to unmask Salt Typhoon hackers behind telecom breaches (source)
- Chinese Hackers Abuse IPv6 SLAAC for AitM Attacks via Spellbinder Lateral Movement Tool (source)
- Hackers Exploit Samsung MagicINFO, GeoVision IoT Flaws to Deploy Mirai Botnet (source)
- Chinese Hackers Exploit SAP RCE Flaw CVE-2025-31324, Deploy Golang-Based SuperShell (source)
- Chinese hackers behind attacks targeting SAP NetWeaver servers (source)
- Chinese Hackers Deploy MarsSnake Backdoor in Multi-Year Attack on Saudi Organization (source)
- Chinese Hackers Exploit Ivanti EPMM Bugs in Global Enterprise Network Attacks (source)
- Chinese hackers breach US local governments using Cityworks zero-day (source)