New KV-Botnet Targeting Cisco, DrayTek, and Fortinet Devices for Stealthy Attacks

December 15, 2023 at 09:54AM A new botnet named KV-botnet, compromising firewalls and routers from various manufacturers, is used for covert data transfer by advanced persistent threat actors, particularly the China-linked threat actor Volt Typhoon. The botnet’s two clusters target high-profile victims and utilize IP addresses based in China. The operators also focus on removing … Read more

Volt Typhoon-Linked SOHO Botnet Infects Multiple US Gov’t Entities

December 14, 2023 at 05:20PM Lumen’s Black Lotus Labs recently identified the KV-Botnet, a sophisticated Internet of Things (IoT) botnet targeting US government and communications organizations. The botnet infects network devices from various vendors and is connected to the Chinese state-aligned Volt Typhoon threat actor. It features advanced stealth mechanisms and the ability to deploy … Read more

Stealthy KV-botnet hijacks SOHO routers and VPN devices

December 13, 2023 at 05:50PM The Chinese state-sponsored hacking group Volt Typhoon, also known as Bronze Silhouette, has been linked to the sophisticated botnet ‘KV-botnet’ since 2022. The group targets SOHO routers, firewalls, and VPN devices, aiming to disrupt critical communications infrastructure. The botnet’s activities indicate a focus on espionage and information gathering, with recent … Read more

Mandiant Intelligence Chief Raises Alarm Over China’s ‘Volt Typhoon’ Hackers in US Critical Infrastructure

October 25, 2023 at 12:16PM Chinese hacking group Volt Typhoon has shifted its focus to targeting critical infrastructure installations, according to Mandiant Intelligence’s John Hultquist. The group, known for economic espionage and IP theft, has been conducting deliberate, long-term infiltration attempts below the radar. Experts have raised concerns, with Microsoft noting the potential for disruption … Read more