Department of Justice Disrupts PRC-Backed Hacking Group Targeting U.S. Infrastructure

The Department of Justice (DOJ) has successfully disrupted a state-sponsored hacking group backed by the People’s Republic of China (PRC) that was targeting critical infrastructure in the United States. The operation, which took place in December 2023, focused on a botnet called the KV Botnet and involved the removal of malware from hundreds of U.S.-based small office/home office (SOHO) routers.

The hacking group, known as Volt Typhoon, had been using infected SOHO routers to hide the origin of their activities and launch further cyberattacks against U.S. and other foreign victims. This campaign, which targeted critical infrastructure organizations, was initially investigated by the FBI, National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), and their foreign partners in May 2023.

The majority of routers compromised by the KV Botnet were Cisco and NetGear devices that had reached end of life and no longer received security patches or updates from the manufacturers. The court-authorized operation not only removed the KV Botnet malware from the routers but also severed their connection to the botnet by blocking communications with other command and control devices.

Attorney General Merrick B. Garland expressed the DOJ’s commitment to dismantling malicious cyber operations, particularly those sponsored by foreign governments, that pose a threat to U.S. national security. Deputy Attorney General Lisa O. Monaco emphasized the importance of victim reporting and highlighted the critical partnership between the private sector and law enforcement agencies in combating cybercrime.

FBI Director Christopher Wray warned about the potential real-world harm posed by China’s hackers, who were targeting American civilian critical infrastructure. Their activities in pre-positioning themselves to disrupt communications, energy, transportation, and water sectors represent a serious threat to the physical safety of American citizens. Director Wray assured that the FBI would not tolerate such actions and would continue to pursue those responsible.