US Shuts Down China-Backed Botnet Targeting Home Office Routers
WASHINGTON, DC (IANS) – The US government has shut down a Chinese government-backed botnet that hijacked “hundreds” of small office and home office routers in the US.
The hackers, known to the private sector as ‘Volt Typhoon’, used privately owned small office/home office routers infected with the “KV Botnet” malware to conceal the Chinese origin of further hacking activities directed against the US and other foreign victims.
Most routers that comprised the KV Botnet were Cisco and Netgear routers that were vulnerable because they had reached “end of life” status; that is, they were no longer supported through security patches or other software updates.
The court-authorized operation deleted the KV Botnet malware from the routers and took additional steps to sever their connection to the botnet, such as blocking communications with other devices used to control the botnet, the US Justice Department said.
“The Justice Department has disrupted a PRC-backed hacking group that attempted to target America’s critical infrastructure utilizing a botnet,” said Attorney General Merrick B. Garland.
“In wiping out the KV Botnet from hundreds of routers nationwide, the Department of Justice is using all its tools to disrupt national security threats – in real time,” said Deputy Attorney General Lisa O. Monaco.
The operation did not impact the legitimate functions of, or collect content information from, hacked routers.
Additionally, the court-authorized steps to disconnect the routers from the KV Botnet and prevent reinfection are temporary.
“A router’s owner can reverse these mitigation steps by restarting the router. However, a restart that is not accompanied by mitigation steps like those the court order authorized will make the router vulnerable to reinfection,” said the Justice Department.