‘Volt Typhoon,’ the China state-sponsored hacking group, targeted outdated switches with poor security as part of a wave of attacks against critical infrastructure. Credit: Portrait Image Asia / Shutterstock The FBI thwarted a hacking group backed by the Chinese government that was targeting hundreds of routers and had been working to compromise U.S. cyber infrastructure, according to FBI Director Christopher Wray. Wray made the announcement at a House Select Committee hearing. The group, codenamed “Volt Typhoon,” hacked into hundreds of routers primarily used in home offices and SMBs to allow the Chinese government to access their data. Wray told the committee that the routers were outdated, which made them “easy targets.” The routers together formed an assembly of malware-infected devices, known as a botnet, which the threat group could use for launching an attack against U.S. critical infrastructure, the FBI said in a statement on Jan. 31 The routers were just the starting point. The hackers were using them as a launchpad to target U.S. water treatment plants, the power grid, oil and natural gas pipelines, and transportation systems, according to the FBI. On Feb. 7, the Cybersecurity And Infrastructure Security Agency (CISA) along with the FBI issued guidance for owners of these routers to secure them. This includes applying patches for internet-facing systems, prioritizing patching critical vulnerabilities in appliances known to be frequently exploited by Volt Typhoon, as well as implementing phishing-resistant multifactor authorization (MFA) and ensuring logging is turned on for application, access, and security logs and store logs in a central system. CISA and the FBI have not publicly disclosed which models of switches are vulnerable, perhaps to protect them from being targeted by other bad players. We do know that they are made by Cisco, Netgear, and D-Link and that they are older models no longer available for sale. Security firm Lumen Technologies has been tracking Volt Typhoon and identified Netgear ProSAFE firewalls, Cisco RV320s, DrayTek Vigor routers, and Axis IP cameras as the targets. In the guidance, the two agencies asked the vendors to eliminate vulnerabilities in SOHO router web management interfaces (WMIs) during the design and development phases. “CISA and FBI are urging SOHO router manufacturers to build security into the design, development, and maintenance of SOHO routers to eliminate the path these threat actors are taking to (1) compromise these devices and (2) use these devices as launching pads to further compromise U.S. critical infrastructure entities,” the cybersecurity agency said. They were also urged to adjust the router’s default configuration to automate security updates, require manual overrides when disabling security settings, and only allow access to the router’s WMI from devices connected to the local area network. Related content news Pure Storage adds AI features for security and performance Updated infrastructure-as-code management capabilities and expanded SLAs are among the new features from Pure Storage. By Andy Patrizio Jun 26, 2024 3 mins Enterprise Storage Data Center news Nvidia teases next-generation Rubin platform, shares physical AI vision ‘I'm not sure yet whether I'm going to regret this or not,' said Nvidia CEO Jensen Huang as he revealed 2026 plans for the company’s Rubin GPU platform. By Andy Patrizio Jun 17, 2024 4 mins CPUs and Processors Data Center news Intel launches sixth-generation Xeon processor line With the new generation chips, Intel is putting an emphasis on energy efficiency. By Andy Patrizio Jun 06, 2024 3 mins CPUs and Processors Data Center news AMD updates Instinct data center GPU line Unveiled at Computex 2024. the new AI processing card from AMD will come with much more high-bandwidth memory than its predecessor. By Andy Patrizio Jun 04, 2024 3 mins CPUs and Processors Data Center PODCASTS VIDEOS RESOURCES EVENTS NEWSLETTERS Newsletter Promo Module Test Description for newsletter promo module. Please enter a valid email address Subscribe