The U.S. Justice Department announced on Wednesday that it took down a Chinese state-sponsored botnet that operated on Cisco and Netgear routers that did not have up-to-date security software. The Justice Department stated that Volt Typhoon had spread the botnet, called “KV Botnet,” to thousands of organizations in the critical infrastructure, government, construction, and education sectors. The FBI leveraged the botnet’s command-and-control infrastructure to remotely delete the malicious software from many routers without impacting the devices’ legitimate functions. The FBI is notifying the owners of the routers it remotely accessed and has warned that restarting these routers would re-expose them to the botnet. Researchers described how the botnet operated like a Tor-style data transfer network for malicious purposes and advised that affected customers simply replace outdated routers with new models.
Read More:
https://www.securityweek.com/us-gov-disrupts-soho-router-botnet-used-by-chinese-apt-volt-typhoon/