‘Volt Typhoon,’ the China state-sponsored hacking group, targeted outdated switches with poor security as part of a wave of attacks against critical infrastructure. Credit: Portrait Image Asia / Shutterstock The FBI thwarted a hacking group backed by the Chinese government that was targeting hundreds of routers and had been working to compromise U.S. cyber infrastructure, according to FBI Director Christopher Wray. Wray made the announcement at a House Select Committee hearing. The group, codenamed “Volt Typhoon,” hacked into hundreds of routers primarily used in home offices and SMBs to allow the Chinese government to access their data. Wray told the committee that the routers were outdated, which made them “easy targets.” The routers together formed an assembly of malware-infected devices, known as a botnet, which the threat group could use for launching an attack against U.S. critical infrastructure, the FBI said in a statement on Jan. 31 The routers were just the starting point. The hackers were using them as a launchpad to target U.S. water treatment plants, the power grid, oil and natural gas pipelines, and transportation systems, according to the FBI. On Feb. 7, the Cybersecurity And Infrastructure Security Agency (CISA) along with the FBI issued guidance for owners of these routers to secure them. This includes applying patches for internet-facing systems, prioritizing patching critical vulnerabilities in appliances known to be frequently exploited by Volt Typhoon, as well as implementing phishing-resistant multifactor authorization (MFA) and ensuring logging is turned on for application, access, and security logs and store logs in a central system. CISA and the FBI have not publicly disclosed which models of switches are vulnerable, perhaps to protect them from being targeted by other bad players. We do know that they are made by Cisco, Netgear, and D-Link and that they are older models no longer available for sale. Security firm Lumen Technologies has been tracking Volt Typhoon and identified Netgear ProSAFE firewalls, Cisco RV320s, DrayTek Vigor routers, and Axis IP cameras as the targets. In the guidance, the two agencies asked the vendors to eliminate vulnerabilities in SOHO router web management interfaces (WMIs) during the design and development phases. “CISA and FBI are urging SOHO router manufacturers to build security into the design, development, and maintenance of SOHO routers to eliminate the path these threat actors are taking to (1) compromise these devices and (2) use these devices as launching pads to further compromise U.S. critical infrastructure entities,” the cybersecurity agency said. They were also urged to adjust the router’s default configuration to automate security updates, require manual overrides when disabling security settings, and only allow access to the router’s WMI from devices connected to the local area network. Related content news AMD holds steady against Intel in Q1 x86 processor shipments finally realigned with typical seasonal trends for client and server processors, according to Mercury Research. By Andy Patrizio May 22, 2024 4 mins CPUs and Processors Data Center news Broadcom launches 400G Ethernet adapters The highly scalable, low-power 400G PCIe Gen 5.0 Ethernet adapters are designed for AI in the data center. By Andy Patrizio May 21, 2024 3 mins CPUs and Processors Networking news HPE updates block storage services The company adds new storage controller support as well as AWS. By Andy Patrizio May 20, 2024 3 mins Enterprise Storage Data Center news ZutaCore launches liquid cooling for advanced Nvidia chips The HyperCool direct-to-chip system from ZutaCore is designed to cool up to 120kW of rack power without requiring a facilities modification. By Andy Patrizio May 15, 2024 3 mins Servers Data Center PODCASTS VIDEOS RESOURCES EVENTS NEWSLETTERS Newsletter Promo Module Test Description for newsletter promo module. Please enter a valid email address Subscribe