Stealthy new botnet targets VPN devices and routers while staying disguised

News
By published

US and other nations targeted in wide-ranging Volt Typhoon attack

A robot hand touching a locked digital shield blocking a human from accessing data
(Image credit: Blue Planet Studio/Shutterstock)

The US Government, together with several other countries, has issued a joint Cybersecurity Advisory notice warning of malicious work being carried out by a state-sponsored Chinese cyber actor known as Volt Typhoon.

The Chinese group has been observed targeting US critical infrastructure sectors, and other countries are believed to be at risk.

In fact, the attack uncovered by Microsoft earlier this year has captured the attention not only of the NSA, CISA, and FBI of the United States, but also officials in Australia, Canada, New Zealand, and the UK.

Chinese group stealthily targeting routers

According to Microsoft, the group, which has only been active since 2021, has previously targeted critical infrastructure on the Micronesian island Guam in the Western Pacific, which is an unincorporated territory of the US, as well as other American regions.

This particular campaign looks not to be especially focused, with sectors including communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education all under threat.

Volt Typhoon uses built-in network administration tools, otherwise known as living off the land, to evade endpoint detection by blending in with normal Windows system and network activities.

Microsoft summarized the steps: “They issue commands via the command line to (1) collect data, including credentials from local and network systems, (2) put the data into an archive file to stage it for exfiltration, and then (3) use the stolen valid credentials to maintain persistence.”

The threat actor was also noted to be blending into normal network activity by routing its traffic through compromised small office and home office (SOHO) network equipment, such as routers, firewalls, and VPN devices.

The security notice suggests that organizations harden domain controllers and monitor event logs, look for abnormal account activity, and investigate unusual IP addresses. Full details of the attack and mitigations can be found on the US Department of Defense’s website.

More from TechRadar Pro

Craig Hale
Craig Hale

With several years’ experience freelancing in tech and automotive circles, Craig’s specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the decarbonisation of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value!

Read more
China US flags cropped
Guam's critical infrastructure is under attack - and Volt Typhoon is the top suspect
China
Chinese hackers targeting Juniper Networks routers, so patch now
China
Microsoft says Chinese Silk Typhoon hackers are targeting cloud and IT apps to steal business data
China
Salt Typhoon strikes again - more US ISPs, universities and telecoms networks hit by Chinese hackers
China
US Government officials urged to lock down devices amid telecoms breach
China
Volt Typhoon threat group had access to American utility networks for the best part of a year
Latest in Security
Lock on Laptop Screen
Data breach at Pennsylvania education union potentially exposes 500,000 victims
Spyware
Stalkerware data breach potentially hits over 2 million users, including thousands of Apple devices
An American flag flying outside the US Capitol building against a blue sky
Five Eyes "cannot replace US intel in Ukraine", claims former US Cyber Command Chief
Pirate skull cyber attack digital technology flag cyber on on computer CPU in background. Darknet and cybercrime banner cyberattack and espionage concept illustration.
Criminals are using a virtual hard disk image file to host and distribute dangerous malware
WordPress on a laptop
Over 20,000 WordPress sites hit by damaging malware campaign
Trojan
WhatsApp patches security flaw which let hackers install spyware
Latest in News
Quordle on a smartphone held in a hand
Quordle hints and answers for Friday, March 21 (game #1152)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Friday, March 21 (game #383)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Friday, March 21 (game #649)
The ASSC Assassin's Creed collection.
The Assassin's Creed x Anti Social Social Club drop includes gaming merch that I wouldn't be embarrassed to wear
Lock on Laptop Screen
Data breach at Pennsylvania education union potentially exposes 500,000 victims
Spyware
Stalkerware data breach potentially hits over 2 million users, including thousands of Apple devices
More about security
Lock on Laptop Screen

Data breach at Pennsylvania education union potentially exposes 500,000 victims
Trojan

WhatsApp patches security flaw which let hackers install spyware
Spyware

Stalkerware data breach potentially hits over 2 million users, including thousands of Apple devices
See more latest
Most Popular
Spyware
Stalkerware data breach potentially hits over 2 million users, including thousands of Apple devices
Miele Guard L1 Comfort XL cyclinder vacuum
I've been patiently waiting for the newest vacuum tech to make its way into cylinder vacuums, and Miele has finally delivered
The ASSC Assassin's Creed collection.
The Assassin's Creed x Anti Social Social Club drop includes gaming merch that I wouldn't be embarrassed to wear
Quordle on a smartphone held in a hand
Quordle hints and answers for Friday, March 21 (game #1152)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Friday, March 21 (game #383)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Friday, March 21 (game #649)
Living room with Microsoft Xbox Series X (L) and Sony PlayStation 5 home video game consoles alongside a television and soundbar, taken on November 3, 2020.
The PS5 is currently selling faster than the PS4 did in the US, but I'm surprised to discover that the Xbox Series X and S are trailing behind Xbox One
Lock on Laptop Screen
Data breach at Pennsylvania education union potentially exposes 500,000 victims
Samsung Galaxy Tab S9 FE Plus on a desk showing the rear of the device from above
The Samsung Galaxy Tab S10 FE could be a powerful iPad Air rival, based on the latest specs rumors
Trojan
WhatsApp patches security flaw which let hackers install spyware