FBI and DOJ disrupt campaign targeting critical infrastructure through small/home office routers and cybercrime money laundering operation

Feb 05, 2024 - 03:11 PM
cybersecurity-hand-lock-graphic_900x400

The Department of Justice has disrupted a botnet of hundreds of small office and home office routers hijacked by hackers sponsored by the People’s Republic of China in a campaign targeting U.S. critical infrastructure and other organizations. Most of the infected routers were Cisco and NetGear routers that were no longer supported through the manufacturer’s security patches or other software updates. The DOJ’s court-authorized operation deleted the “KV Botnet” malware from the routers and took additional steps to sever their connection to the botnet, such as blocking communications with other devices used to control the botnet.

“China’s hackers are targeting American civilian critical infrastructure, pre-positioning to cause real-world harm to American citizens and communities in the event of conflict,” said FBI Director Christopher Wray. “Volt Typhoon malware enabled China to hide as they targeted our communications, energy, transportation, and water sectors. Their pre-positioning constitutes a potential real-world threat to our physical safety that the FBI is not going to tolerate. We are going to continue to work with our partners to hit the PRC hard and early whenever we see them threaten Americans.”

In other news, the department charged a Belarusian and Cypriot national with operating an unlicensed digital currency exchange that allegedly received criminal proceeds from numerous computer intrusions and hacking incidents, including ransomware scams.  

“These significant and commendable FBI enforcement actions deal a blow to the dual-natured cyberthreats we are facing as a field,” said John Riggi, AHA’s national advisor for cybersecurity and risk. “First, in terms of nation-state threats, the FBI’s identification and pre-emptive removal of the Volt Typhoon destructive malware is proof positive that Chinese government cyber efforts are no longer solely focused on espionage and data theft. They clearly intend to be in a position to inflict physical harm to our critical infrastructure, impacting the safety of hospitals and all Americans. Given the current and future strategic threat environment, it would be prudent for hospitals and health systems to closely coordinate emergency management and cyber incident response planning to include contingency planning for disruption to utilities and communications. Second, the enforcement action against the unlicensed digital currency exchanger is also significant as it has disrupted a channel for laundering of cybercrime proceeds. Digital currency is fuel for all cybercrime and illegal digital currency exchangers are the filling stations for cybercriminals. Shutting them down is key to reducing the global cyberthreat we all face.” 

For more information on this or other cyber and risk issues, contact Riggi at jriggi@aha.org. For the latest cyber and risk resources and threat intelligence, visit aha.org/cybersecurity

Related News Articles

Headline
OCR launches webpage with HIPAA FAQs on Change Healthcare cyberattack
The Department of Health and Human Services’ Office for Civil Rights April 19 launched a webpage answering HIPAA-related FAQs about the Change Healthcare…
Headline
Agencies issue ransomware alert, guidance for securely deploying AI
U.S. and European agencies April 18 recommended organizations implement certain best practices to protect against the latest versions of Akira ransomware,…
Headline
AHA urges Congress to reject cybersecurity proposal in HHS budget request
In a statement submitted to the House Energy and Commerce Health Subcommittee for a hearing April 17 on President Biden’s fiscal year 2025 Health and Human…
Headline
HHS Deputy Secretary Palm discusses Change Healthcare attack and future of cybersecurity
Department of Health and Human Services Deputy Secretary Andrea Palm addressed AHA Annual Membership Meeting attendees about the Administration’s work to…
Headline
Representative Guthrie discusses cybersecurity, prior authorizations and telehealth
Rep. Brett Guthrie, R-Ky., today addressed attendees of AHA’s 2024 Annual Membership Meeting and touched on many of the biggest issues in health care:…
Headline
AHA testifies at hearing on health care cybersecurity
Testifying April 16 before a House Energy and Commerce Subcommittee on Health hearing on addressing health care cybersecurity vulnerabilities in the wake of…