Volt Typhoon rebuilds malware botnet following FBI disruption

The Chinese state-sponsored hacking group Volt Typhoon has begun to rebuild its "KV-Botnet" malware botnet after it was disrupted by law enforcement in January, according to researchers from SecurityScorecard.

Volt Typhoon is a Chinese state-sponsored cyberespionage threat group that is believed to have infiltrated critical U.S. infrastructure, among other networks worldwide, since at least five years ago.

Their primary strategy involves hacking SOHO routers and networking devices, such as Netgear ProSAFE firewalls, Cisco RV320s, DrayTek Vigor routers, and Axis IP cameras, to install custom malware that establishes covert communication and proxy channels and maintain persistent access to targeted networks.

In January 2024, the U.S. authorities announced the disruption of Volt Typhoon's botnet, which involved wiping malware from infected routers.

See more: https://www.bleepingcomputer.com/news/security/volt-typhoon-rebuilds-malware-botnet-following-fbi-disruption/

#cybersecurity #malware