CISA: Vendors must secure SOHO routers against Volt Typhoon attacks

January 31, 2024 at 11:15AM

CISA and the FBI have issued a warning to small office/home office (SOHO) router manufacturers to enhance security against attacks by Chinese state-backed hacking group Volt Typhoon. The agencies urge eliminating vulnerabilities, automating security updates, and safeguarding against Volt Typhoon activity. This follows ongoing attacks targeting U.S. critical infrastructure organizations using compromised SOHO routers.

Key takeaways from the meeting notes:

1. CISA and the FBI have issued guidance to manufacturers of small office/home office (SOHO) routers to enhance security measures against ongoing attacks, particularly those orchestrated by the Chinese state-backed hacking group, Volt Typhoon (Bronze Silhouette).

2. Manufacturers are urged to eliminate vulnerabilities in the web management interfaces (WMIs) of SOHO routers during the design phase, integrate automated security updates, require manual overrides for disabling security settings, and restrict WMI access to devices connected to the local area network.

3. CISA and the FBI emphasize the need for manufacturers to prioritize security in the design, development, and maintenance of SOHO routers to prevent compromise and minimize the risk of these devices being used as launchpads for attacks on U.S. critical infrastructure organizations.

4. Manufacturers are encouraged to disclose vulnerabilities via the Common Vulnerabilities and Exposures (CVE) program and provide accurate Common Weakness Enumeration (CWE) classification for these vulnerabilities. Furthermore, they are advised to implement incentive structures that prioritize security during product design and development.

5. The Volt Typhoon attacks targeting SOHO routers are associated with the KV-botnet malware, which has been linked to Chinese cyberspies and has been targeting devices since at least August 2022.

6. Volt Typhoon is known for targeting routers, firewalls, and VPN devices to facilitate malicious traffic and evade detection during attacks. The group has been involved in breaching U.S. critical infrastructure organizations, including those located in Guam.

7. The U.S. government has reportedly taken down part of Volt Typhoon’s infrastructure in recent months.

Overall, the meeting notes highlight the urgency for enhanced security measures in SOHO routers to mitigate the risks posed by Volt Typhoon and other threat actors targeting U.S. critical infrastructure.