US shuts down China-backed botnet targeting home office routers

WASHINGTON: The US government has shut down a Chinese government-backed botnet that hijacked "hundreds" of small office and home office routers in the US.

The hackers, known to the private sector as 'Volt Typhoon', used privately-owned small office/home office (SOHO) routers infected with the "KV Botnet" malware to conceal the People's Republic of China (PRC) origin of further hacking activities directed against US and other foreign victims.

The vast majority of routers that comprised the KV Botnet were Cisco and NetGear routers that were vulnerable because they had reached “end of life” status, no longer supported through security patches or other software updates.

The court-authorised operation deleted the KV Botnet malware from the routers and took additional steps to sever their connection to the botnet, such as blocking communications with other devices used to control the botnet, the US Justice Department said in a statement.

"The Justice Department has disrupted a PRC-backed hacking group that attempted to target America’s critical infrastructure utilising a botnet," said Attorney General Merrick B. Garland.

"In wiping out the KV Botnet from hundreds of routers nationwide, the Department of Justice is using all its tools to disrupt national security threats – in real time," said Deputy Attorney General Lisa O. Monaco.

The operation did not impact the legitimate functions of, or collect content information from, hacked routers.

Additionally, the court-authorised steps to disconnect the routers from the KV Botnet and prevent reinfection are temporary in nature.

"A router's owner can reverse these mitigation steps by restarting the router. However, a restart that is not accompanied by mitigation steps similar to those the court order authorised will make the router vulnerable to reinfection,” said the Justice Department.