Return of China’s Volt Typhoon Crew: Renewed Botnet Threat

China's Volt Typhoon crew has resurfaced, using compromised legacy Cisco routers to infiltrate critical infrastructure, security experts report. This resurgence comes about ten months after the FBI took action to dismantle their botnet, which had previously infected hundreds of outdated Cisco and Netgear routers to target U.S. energy and essential facilities. SecurityScorecard's Ryan Sherstobitoff noted that Volt Typhoon is now exploiting end-of-life Cisco RV320/325 routers, with 30% compromised within just over a month.

Although there are no specific CVEs being leveraged, these older devices lack security updates, making them prime targets for exploitation. Despite previous disruptions, the group swiftly rebuilt its command-and-control systems and continued operations, using global infrastructure to mask traffic. The persistent activity of Volt Typhoon and related Chinese-backed cyberattacks highlights a growing threat to U.S. and global networks.
