CyberSecurity SEE

China-backed Volt Typhoon gearing up for a series of attacks

In a recent report, Microsoft warned about the Volt Typhoon group, expressing concern about the potential for disruption of US-Asia communications during future crises. The group has managed to embed itself within critical infrastructure using a stealthy technique known as “living off the land” in order to evade detection by antivirus software.

Following the disruption of Volt Typhoon’s KV botnet by US officials, researchers at Black Lotus Labs observed a shift in tactics by the group. The group was found to be re-exploiting previously compromised devices, including NetGear ProSAFE hardware, Cisco RV routers, DrayTek Vigor routers, and Axis IP cameras.

At its peak, the botnet had infected 32% of the 6,613 NetGear ProSAFE devices connected to the internet, and there were 1,500 active bots under Volt Typhoon’s control; this number had declined to 650 by mid-January 2024. The significant decrease occurred in late December, when the botnet's command and control server was taken down by US officials, leaving only clusters responsible for scanning and reconnaissance.

Black Lotus Labs has indicated that not only will this group continue to employ similar tactics in the future, but it is expected that other state-aligned operations will also adopt similar strategies. The researchers anticipate that the use of compromised firewalls and routers will continue to be a significant component of threat actor operations, both to gain access to high-profile targets and to establish covert infrastructure.

The warning from Microsoft and the observations made by Black Lotus Labs highlight the persistent and evolving nature of cyber threats. With threat actors continuously adapting their tactics and targeting critical infrastructure, there is an increasing need for robust cybersecurity measures to safeguard against such attacks. As technology continues to play a central role in global communications and infrastructure, the potential impact of these cyber threats on national security and international relations cannot be underestimated.

In light of these developments, it is essential for governments, organizations, and cybersecurity professionals to remain vigilant and proactive in addressing cybersecurity challenges. This includes investing in advanced cybersecurity solutions, staying informed about emerging threats, and collaborating on a global scale to mitigate the risks posed by malicious actors. By prioritizing cybersecurity and fostering a culture of resilience, it is possible to minimize the potential impact of cyber threats on critical infrastructure and international communication networks.
