The notorious Volt Typhoon botnet, disrupted by U.S. authorities in January, is back on the scene, re-establishing its foothold through compromised routers worldwide. SecurityScorecard recently reported on the resurgence of this cyber-espionage network, signaling a new phase in the battle against global cyber threats.
Volt Typhoon’s renewed campaign centers on compromising outdated SOHO routers and network devices from brands like Cisco and Netgear. Leveraging a sophisticated strategy, the group installs MIPS-based malware on these devices, communicating over non-standard ports to evade detection.
🔹 Compromised Devices: Primarily Cisco RV320/325 and Netgear ProSafe routers
🔹 Network Location: Concentrated in Asia but impacting global infrastructure
🔹 Infrastructure: Using Digital Ocean, Quadranet, and Vultr for resilience
The group appears to exploit vulnerabilities in end-of-life routers, devices that no longer receive updates. Notably, compromised routers are used as proxy servers, routing malicious traffic through legitimate networks to maintain stealth.
With cyber-attacks like these on the rise, it’s essential to stay ahead. For organizations and individuals, the following actions can help reduce exposure to threats from compromised SOHO routers:
🔹 Upgrade Routers: Replace older, unsupported routers with newer models.
🔹 Secure Remote Access: Do not expose router admin panels to the internet.
🔹 Change Default Credentials: Ensure that default admin passwords are updated.
🔹 Regular Firmware Updates: Stay current with firmware patches for the latest security.

For Black Friday and Cyber Monday, Wire Tor is offering an exclusive 50% off on penetration testing services until December 2, 2024! Make sure your network is resilient against advanced threats like the Volt Typhoon botnet. Protect your digital assets today!