FBI and DOJ disrupt campaign targeting critical infrastructure through small/home office routers and cybercrime money laundering operation

Feb 05, 2024 - 03:11 PM
cybersecurity-hand-lock-graphic_900x400

The Department of Justice has disrupted a botnet of hundreds of small office and home office routers hijacked by hackers sponsored by the People’s Republic of China in a campaign targeting U.S. critical infrastructure and other organizations. Most of the infected routers were Cisco and NetGear routers that were no longer supported through the manufacturer’s security patches or other software updates. The DOJ’s court-authorized operation deleted the “KV Botnet” malware from the routers and took additional steps to sever their connection to the botnet, such as blocking communications with other devices used to control the botnet.

“China’s hackers are targeting American civilian critical infrastructure, pre-positioning to cause real-world harm to American citizens and communities in the event of conflict,” said FBI Director Christopher Wray. “Volt Typhoon malware enabled China to hide as they targeted our communications, energy, transportation, and water sectors. Their pre-positioning constitutes a potential real-world threat to our physical safety that the FBI is not going to tolerate. We are going to continue to work with our partners to hit the PRC hard and early whenever we see them threaten Americans.”

In other news, the department charged a Belarusian and Cypriot national with operating an unlicensed digital currency exchange that allegedly received criminal proceeds from numerous computer intrusions and hacking incidents, including ransomware scams.  

“These significant and commendable FBI enforcement actions deal a blow to the dual-natured cyberthreats we are facing as a field,” said John Riggi, AHA’s national advisor for cybersecurity and risk. “First, in terms of nation-state threats, the FBI’s identification and pre-emptive removal of the Volt Typhoon destructive malware is proof positive that Chinese government cyber efforts are no longer solely focused on espionage and data theft. They clearly intend to be in a position to inflict physical harm to our critical infrastructure, impacting the safety of hospitals and all Americans. Given the current and future strategic threat environment, it would be prudent for hospitals and health systems to closely coordinate emergency management and cyber incident response planning to include contingency planning for disruption to utilities and communications. Second, the enforcement action against the unlicensed digital currency exchanger is also significant as it has disrupted a channel for laundering of cybercrime proceeds. Digital currency is fuel for all cybercrime and illegal digital currency exchangers are the filling stations for cybercriminals. Shutting them down is key to reducing the global cyberthreat we all face.” 

For more information on this or other cyber and risk issues, contact Riggi at jriggi@aha.org. For the latest cyber and risk resources and threat intelligence, visit aha.org/cybersecurity

Related News Articles

Headline
FDA announces software patch available for Contec, Epsimed patient monitors to address vulnerabilities
The Food and Drug Administration yesterday released a safety notice announcing a software patch is available to address cybersecurity vulnerabilities in…
Headline
Agencies release fact sheet on potential of malicious activity by Iranian cyber actors 
The Cybersecurity and Infrastructure Security Agency, FBI, Department of Defense Cyber Crime Center and the National Security Agency June 30 released a fact…
Headline
CMS warns of phishing fax scheme; AHA monitoring other reported social engineering schemes 
The Centers for Medicare & Medicaid Services today announced it has identified a fraud scheme targeting Medicare providers and suppliers. CMS said scammers…
Headline
Agencies issue advisory on updated tactics by Play ransomware group
The FBI, Cybersecurity and Infrastructure Security Agency and Australian Cyber Security Centre June 4 released an advisory on updated actions and tactics used…
Headline
Agencies release guidance on AI data security 
The National Security Agency, Cybersecurity and Infrastructure Security Agency and international partners May 22 released guidance on securing data used for…
Headline
Russian state-sponsored cyber actors targeting tech companies, others 
The FBI, along with the National Security Agency and other international cybersecurity agencies, this week released a joint agency advisory on cyber operations…