Threat Awareness – CISA and FBI Release Joint Statement as Volt Typhoon’s Botnet Resurfaces

Created: Thursday, November 14, 2024 - 15:25
Categories: Cybersecurity, Federal & State Resources, Security Preparedness

Researchers at the SecurityScorecard STRIKE Team have uncovered a resurgence of the Chinese-affiliated threat group known as Volt Typhoon, indicating that it has rebuilt its botnet, which was disrupted by the FBI back in January. It is very likely that Volt Typhoon’s efforts to rebuild its botnet began long before now, as suggested by its exploitation of Versa Director servers in August, potentially to assist in the botnet’s restoration.

FBI Director Christopher Wray stated in January, “the Volt Typhoon malware enabled China to hide, among other things, pre-operational reconnaissance and network exploitation against critical infrastructure like our communications, energy, transportation, and water sectors—steps China was taking, in other words, to find and prepare to destroy or degrade the civilian critical infrastructure that keeps us safe and prosperous.”

Yesterday, CISA and the FBI released a joint statement on the People’s Republic of China (PRC) targeting of commercial telecommunications infrastructure:

The U.S. government's continued investigation into the People's Republic of China (PRC) targeting of commercial telecommunications infrastructure has revealed a broad and significant cyber espionage campaign.

Specifically, we have identified that PRC-affiliated actors have compromised networks at multiple telecommunications companies to enable the theft of customer call records data, the compromise of private communications of a limited number of individuals who are primarily involved in government or political activity, and the copying of certain information that was subject to U.S. law enforcement requests pursuant to court orders. We expect our understanding of these compromises to grow as the investigation continues. 

WaterISAC has followed the PRC-sponsored threat actor developments extensively. A list of prior WaterISAC analyses on the subject can be found in its analysis of the Sophos Pacific Rim report. For more information, visit SecurityScorecard.

Additional Resources: