Botnet affected US routers; Here's how to keep employees safe


State-sponsored hackers affiliated with China have attacked small office/home office routers in the U.S. in a wide-ranging botnet attack, Federal Bureau of Investigation Director Christopher Wray announced Wednesday, Jan. 31. Most of the affected routers were manufactured by Cisco and NetGear and had reached the end of their useful life.

Justice Department investigators said on January 31, 2024, that the malware was removed from the affected routers. The researchers also isolated the routers from other devices used in the botnet.

IT teams need to know how to reduce cybersecurity risks that could arise from remote workers using outdated technology.

What is the Volt Typhoon botnet attack?

The cybersecurity threat in this case is a botnet created by Volt Typhoon, an attacker group sponsored by the Chinese government.

Beginning in May 2023, the FBI investigated a cyberattack campaign against critical infrastructure organizations. On January 31, 2024, the FBI revealed that an investigation into the same group of threat actors in December 2023 showed that attackers sponsored by the Chinese government had created a botnet using hundreds of private routers across the United States.

The attack was an attempt to gain a foothold in “the communications, energy, transportation and water sectors” in order to disrupt critical U.S. functions in the event of conflict between the countries, Wray said in the news release.

SEE: Several US security companies and agencies have their eyes on Androxgh0st, a botnet targeting cloud credentials. (TechRepublic)

The attackers used a “living off the land” technique to blend in with the normal operation of the affected devices.

The FBI is contacting anyone whose computer was affected by this specific attack. It has not been confirmed whether employees of a particular organization were targeted.

How to Reduce Cybersecurity Risks from Botnets for Remote Workers

The fact that the targeted routers are privately owned highlights a security risk for IT professionals trying to keep remote workers safe. Since IT staff do not monitor routers used in the home, it is difficult to know whether employees may be using older or even end-of-life routers.

Botnets are often used to launch distributed denial-of-service attacks or to distribute malware, so defenses against DDoS and malware are important components of a complete botnet defense. Botnets are typically run from a centralized command and control server.

Organizations should ensure they have good endpoint protection and proactive defenses.

Software and hardware must be kept up to date, as end-of-life devices are particularly vulnerable. To protect devices against botnets, run regular security scans, institute multi-factor authentication, and keep employees informed about cybersecurity best practices.
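One way to act on the inventory advice above is to check each remote worker's router against an end-of-support catalogue and a firmware-age policy. The following is an added example, not code from the article or from any vendor; the vendor, model names, dates and employee records are all constructed placeholders, and the one-year firmware-age limit is an assumed policy.

```python
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class RouterRecord:
    employee: str
    vendor: str
    model: str
    firmware_date: date  # build date of the firmware currently installed


# Constructed end-of-support catalogue keyed by (vendor, model), lower-cased.
# These are placeholder entries, not real Cisco or NetGear product data.
EOL_CATALOG = {
    ("examplevendor", "home-100"): date(2021, 6, 30),
    ("examplevendor", "home-200"): date(2026, 12, 31),
}

# Constructed sample inventory of home routers reported by remote workers.
SAMPLE_INVENTORY = [
    RouterRecord("alice", "ExampleVendor", "home-100", date(2020, 1, 15)),
    RouterRecord("bob", "ExampleVendor", "home-200", date(2023, 11, 1)),
    RouterRecord("carol", "ExampleVendor", "mesh-9", date(2023, 12, 1)),
]

# Assessment date used by the example (the day of the FBI announcement).
TODAY = date(2024, 1, 31)


def flag_router(record, eol_catalog, today, max_firmware_age_days=365):
    """Return the reasons this router needs attention; empty list if none."""
    reasons = []
    eol = eol_catalog.get((record.vendor.lower(), record.model.lower()))
    if eol is None:
        # Unknown hardware is a gap in the inventory, not a clean result.
        reasons.append("model not in catalogue; verify support status")
    elif eol <= today:
        reasons.append(f"end of life since {eol.isoformat()}")
    if (today - record.firmware_date).days > max_firmware_age_days:
        reasons.append("firmware older than policy allows")
    return reasons


def inventory_report(records, eol_catalog, today):
    """Map each employee to their router's findings, omitting clean devices."""
    report = {}
    for record in records:
        reasons = flag_router(record, eol_catalog, today)
        if reasons:
            report[record.employee] = reasons
    return report


if __name__ == "__main__":
    for employee, reasons in inventory_report(SAMPLE_INVENTORY, EOL_CATALOG, TODAY).items():
        print(employee, "->", "; ".join(reasons))
```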

“It is essential to proactively conduct comprehensive technology inventories of assets beyond the traditional office,” Demi Ben-Ari, chief technology officer at third-party risk management technology firm Panorays, said in an email to TechRepublic. “This approach helps identify outdated technology, ensuring remote workers have up-to-date and secure equipment.”

“While remote work presents potential vulnerabilities due to various environments, it is important to note that similar attacks could occur in an office environment,” Ben-Ari said.
