The FBI has announced that state-sponsored hackers from China targeted small office/home office routers in the U.S. in a widespread botnet attack. The routers affected were mainly manufactured by Cisco and NetGear and were already outdated. On January 31, 2024, the Department of Justice reported that the malware has been removed from the affected routers and they have been disconnected from the botnet. This incident highlights the cybersecurity risks associated with remote workers using outdated technology.
The botnet attack was orchestrated by a group of attackers known as Volt Typhoon, who are sponsored by the Chinese government. The FBI began investigating a cyberattack campaign against critical infrastructure organizations in May 2023 and later discovered that the same threat actors had created a botnet using privately-owned routers across the U.S. The attackers aimed to gain access to communications, energy, transportation, and water sectors to disrupt critical functions in the event of a conflict between the countries.
The attackers used a technique called “living off the land” to blend in with the normal operation of the affected devices. The FBI is reaching out to individuals whose equipment was affected by this specific attack, although it is unknown if a specific organization was targeted.
To reduce cybersecurity risks posed by botnets for remote workers, organizations should prioritize:
1. Keeping software and hardware up to date, particularly with end-of-life devices that are more vulnerable.
2. Running regular security scans to strengthen devices against being used in botnet attacks.
3. Implementing multifactor authentication and educating employees about cybersecurity best practices.
4. Conducting thorough tech inventories to identify outdated technology and ensure remote workers have secure equipment.
It is crucial to note that while remote work environments introduce potential vulnerabilities, similar attacks could occur in an office setting.
