

Volt Typhoon’s KV-Botnet and the Threat to Global Communications, Attacks on SOHO routers

News section: Hacking
Source: blackhatethicalhacking.com


Chinese state-sponsored hacking group linked to sophisticated botnet targeting critical infrastructure.

A joint report by Microsoft and the US government has linked the Chinese state-sponsored APT hacking group known as Volt Typhoon (Bronze Silhouette) to a sophisticated botnet named ‘KV-botnet.’ This botnet has been used since at least 2022 to attack SOHO routers in high-value targets, including telecommunication and internet service providers, a US territorial government entity in Guam, a renewable energy firm in Europe, and US military organizations.
 
Volt Typhoon commonly targets routers, firewalls, and VPN devices to proxy malicious traffic, blending it with legitimate traffic to remain undetected. A detailed report published by the Black Lotus Labs team at Lumen Technologies reveals that the attackers are building infrastructure that, according to Microsoft, could disrupt critical communications between the United States and the Asia region during future crises.


KV-Botnet Technical Details

Black Lotus has identified two distinct activity clusters within the KV-Botnet, labeled as ‘KV’ and ‘JDY.’ The former targets high-value entities and is likely operated manually, while the latter engages in broader scanning using less sophisticated techniques.

Figure: Two separate clusters of activity linked to KV-botnet (Lumen)
 
This botnet specifically targets end-of-life devices utilized by SOHO (small office, home office) entities that lack robust security measures. It supports various architectures, including ARM, MIPS, MIPSEL, x86_64, i686, i486, and i386.
 
Initially focusing on Cisco RV320s, DrayTek Vigor routers, and NETGEAR ProSAFE firewalls, the malware later expanded its scope to include Axis IP cameras such as models M1045-LW, M1065-LW, and P1367-E.
 
Volt Typhoon employs a complex infection chain involving multiple files, including bash scripts (kv.sh), which halt specific processes and remove security tools running on the infected device.
 
 
Figure: The KV (manual) infection chain (Lumen)
 
To avoid detection, the bot establishes random ports for communication with the C2 (command and control) server and disguises itself by adopting the names of existing processes. Furthermore, all tooling resides in memory, making the bot challenging to detect, although this approach impacts its ability to persist on compromised devices.
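Two of the evasion traits described above, a bot that takes the name of an existing process and tooling that lives only in memory, leave traces on a Linux host that a defender can hunt for: the short process name in /proc/<pid>/comm no longer matches the binary behind /proc/<pid>/exe, and an executable that was deleted after launch shows up with a " (deleted)" suffix on that link. The script below is an added example written for this article; it is not Lumen's tooling and not the KV-botnet's code. It assumes the standard Linux /proc layout when run live and otherwise works on constructed sample records (the process names and paths in SAMPLE are made up).

```python
"""Hunt for Linux processes whose short name does not match the binary they
run, or whose binary has been removed from disk. Added example for this
article, not Lumen's or anyone else's tooling; assumes the standard Linux
/proc layout when run live, and uses constructed records otherwise."""
import os
from dataclasses import dataclass

COMM_MAX = 15  # the kernel truncates /proc/<pid>/comm to 15 characters
DELETED = " (deleted)"  # suffix readlink(/proc/<pid>/exe) shows for an unlinked binary


@dataclass
class ProcRecord:
    pid: int
    comm: str      # contents of /proc/<pid>/comm
    exe: str       # readlink of /proc/<pid>/exe, '' if unreadable
    cmdline: str   # /proc/<pid>/cmdline with NULs replaced by spaces


def collect_from_proc(proc_root="/proc"):
    """Read live process records; returns [] on systems without /proc."""
    records = []
    if not os.path.isdir(proc_root):
        return records
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        base = os.path.join(proc_root, entry)
        try:
            with open(os.path.join(base, "comm")) as fh:
                comm = fh.read().strip()
            with open(os.path.join(base, "cmdline"), "rb") as fh:
                cmdline = fh.read().replace(b"\x00", b" ").decode(errors="replace").strip()
        except OSError:
            continue  # process exited, or not permitted
        try:
            exe = os.readlink(os.path.join(base, "exe"))
        except OSError:
            exe = ""  # kernel thread or insufficient privilege
        records.append(ProcRecord(int(entry), comm, exe, cmdline))
    return records


def inspect(rec):
    """Return the findings for one process; an empty list means nothing odd."""
    findings = []
    exe_path = rec.exe
    if exe_path.endswith(DELETED):
        findings.append("binary unlinked from disk (memory-resident)")
        exe_path = exe_path[: -len(DELETED)]
    if not exe_path:
        return findings  # nothing to compare against
    exe_base = os.path.basename(exe_path)
    # comm is truncated, so compare against the truncated binary name
    if rec.comm != exe_base[:COMM_MAX]:
        findings.append(f"name mismatch: comm={rec.comm!r} exe={exe_base!r}")
    argv0 = rec.cmdline.split(" ", 1)[0] if rec.cmdline else ""
    if argv0 and os.path.basename(argv0) != exe_base:
        findings.append(f"argv[0] {argv0!r} differs from exe {exe_base!r}")
    return findings


def find_suspicious(records):
    """Map pid -> findings for every record with at least one finding."""
    result = {}
    for rec in records:
        findings = inspect(rec)
        if findings:
            result[rec.pid] = findings
    return result


# Constructed sample: one normal daemon, one process renamed to look like a
# common service but running an unlinked binary from /tmp, one web server.
SAMPLE = [
    ProcRecord(412, "systemd-resolve", "/usr/lib/systemd/systemd-resolved",
               "/usr/lib/systemd/systemd-resolved"),
    ProcRecord(2231, "dropbear", "/tmp/.x" + DELETED, "dropbear"),
    ProcRecord(2240, "httpd", "/usr/sbin/httpd", "/usr/sbin/httpd -D FOREGROUND"),
]

if __name__ == "__main__":
    live = collect_from_proc()
    for pid, findings in find_suspicious(live or SAMPLE).items():
        print(pid, "; ".join(findings))
```

Treat the output as triage input rather than a verdict: interpreted scripts (comm is the script name, exe is the interpreter) and programs that legitimately rename themselves via prctl will also be flagged, and on a router-class device with no Python the same three checks can be done with readlink and cat over /proc from a shell.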
 
 
The commands received by KV-Botnet from the C2 server encompass updating communication settings, exfiltrating host information, performing data transmission, creating network connections, executing host tasks, and other functions.
 
 
 



Chinese Link

Black Lotus Labs has linked this botnet to Volt Typhoon after finding overlaps in IP addresses, similar tactics, and working times that align with China Standard Time.
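The working-hours overlap is an analysis a defender can reproduce on their own telemetry: convert each observed activity timestamp into the candidate operator's local time and measure how much of it falls inside a normal working week. The script below is an added example, not Lumen's analysis code. It assumes a working window of 08:00 to 18:59, Monday to Friday, uses a fixed UTC+8 offset for China Standard Time (which has no daylight saving), and goes one step beyond the article by scoring every whole-hour UTC offset so the best-fitting zone falls out of the data instead of being assumed. The timestamps in SAMPLE_EVENTS are constructed.

```python
"""Bucket activity timestamps by a candidate local time zone and score how much
activity falls inside a working week. Added example for this article, not
Lumen's code; the working window and the sample timestamps are assumptions."""
from collections import Counter
from datetime import datetime, timedelta, timezone

CST = timezone(timedelta(hours=8), name="CST")  # China Standard Time, no DST
WORK_HOURS = range(8, 19)  # assumed window: 08:00-18:59 local
WEEKDAYS = range(0, 5)     # Monday..Friday


def parse_utc(ts):
    """Parse an ISO-8601 'Z' timestamp such as 2023-09-04T00:30:00Z."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def working_time_profile(timestamps_utc, tz=CST):
    """Hour and weekday histograms in tz, plus the share inside the work window."""
    local = [parse_utc(ts).astimezone(tz) for ts in timestamps_utc]
    in_window = sum(1 for d in local if d.hour in WORK_HOURS and d.weekday() in WEEKDAYS)
    return {
        "total": len(local),
        "in_working_window": in_window,
        "fraction_in_window": in_window / len(local) if local else 0.0,
        "by_hour": dict(sorted(Counter(d.hour for d in local).items())),
        "by_weekday": dict(sorted(Counter(d.weekday() for d in local).items())),
    }


def compare_zones(timestamps_utc, offsets=range(-12, 15)):
    """Work-window share for each whole-hour UTC offset; the highest-scoring
    offset is the zone most consistent with an office-hours operator."""
    return {
        off: working_time_profile(timestamps_utc, timezone(timedelta(hours=off)))["fraction_in_window"]
        for off in offsets
    }


# Constructed sample: four events per weekday, Mon 4 Sep to Fri 8 Sep 2023, at
# UTC times that land between 08:30 and 18:45 in UTC+8, plus one Saturday event
# and one that falls at midnight UTC+8.
SAMPLE_EVENTS = [
    f"2023-09-0{day}T{h:02d}:{m:02d}:00Z"
    for day in range(4, 9)
    for h, m in ((0, 30), (3, 40), (6, 5), (10, 45))
] + ["2023-09-09T02:00:00Z", "2023-09-06T16:00:00Z"]

if __name__ == "__main__":
    profile = working_time_profile(SAMPLE_EVENTS)
    print(f"{profile['in_working_window']}/{profile['total']} events in CST working hours")
    scores = compare_zones(SAMPLE_EVENTS)
    best = max(scores, key=scores.get)
    print(f"best-fitting offset: UTC{best:+d} ({scores[best]:.2f})")
```

On the sample, 20 of 22 events fall in the UTC+8 working window and UTC+8 scores strictly higher than UTC+7 and UTC+9 because the 00:30Z and 10:45Z events sit at the edges of the window. Timing evidence is only supporting material, which is why the article pairs it with overlapping IP addresses and shared tactics: relay infrastructure, scheduled automation, and operators working shifts all skew the histogram.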

Figure: KV-botnet activity times align with China working hours (Lumen)

Lumen has released indicators of compromise (IOCs) on GitHub, including malware hashes and IP addresses associated with the botnet, shedding light on the covert operations of Volt Typhoon.


Source: bleepingcomputer.com



The post Volt Typhoon’s KV-Botnet and the Threat to Global Communications, Attacks on SOHO routers first appeared on Black Hat Ethical Hacking.
