FBI and DOJ disrupt campaign targeting critical infrastructure through small/home office routers and cybercrime money laundering operation

Feb 05, 2024 - 03:11 PM
cybersecurity-hand-lock-graphic_900x400

The Department of Justice has disrupted a botnet of hundreds of small office and home office routers hijacked by hackers sponsored by the People’s Republic of China in a campaign targeting U.S. critical infrastructure and other organizations. Most of the infected routers were Cisco and NetGear routers that were no longer supported through the manufacturer’s security patches or other software updates. The DOJ’s court-authorized operation deleted the “KV Botnet” malware from the routers and took additional steps to sever their connection to the botnet, such as blocking communications with other devices used to control the botnet.

“China’s hackers are targeting American civilian critical infrastructure, pre-positioning to cause real-world harm to American citizens and communities in the event of conflict,” said FBI Director Christopher Wray. “Volt Typhoon malware enabled China to hide as they targeted our communications, energy, transportation, and water sectors. Their pre-positioning constitutes a potential real-world threat to our physical safety that the FBI is not going to tolerate. We are going to continue to work with our partners to hit the PRC hard and early whenever we see them threaten Americans.”

In other news, the department charged a Belarusian and Cypriot national with operating an unlicensed digital currency exchange that allegedly received criminal proceeds from numerous computer intrusions and hacking incidents, including ransomware scams.  

“These significant and commendable FBI enforcement actions deal a blow to the dual-natured cyberthreats we are facing as a field,” said John Riggi, AHA’s national advisor for cybersecurity and risk. “First, in terms of nation-state threats, the FBI’s identification and pre-emptive removal of the Volt Typhoon destructive malware is proof positive that Chinese government cyber efforts are no longer solely focused on espionage and data theft. They clearly intend to be in a position to inflict physical harm to our critical infrastructure, impacting the safety of hospitals and all Americans. Given the current and future strategic threat environment, it would be prudent for hospitals and health systems to closely coordinate emergency management and cyber incident response planning to include contingency planning for disruption to utilities and communications. Second, the enforcement action against the unlicensed digital currency exchanger is also significant as it has disrupted a channel for laundering of cybercrime proceeds. Digital currency is fuel for all cybercrime and illegal digital currency exchangers are the filling stations for cybercriminals. Shutting them down is key to reducing the global cyberthreat we all face.” 

For more information on this or other cyber and risk issues, contact Riggi at jriggi@aha.org. For the latest cyber and risk resources and threat intelligence, visit aha.org/cybersecurity

Related News Articles

Headline
FBI warns of cyber actors exploiting end-of-life routers
The FBI's Internet Crime Complaint Center released an alert May 7 warning of cyber actors exploiting vulnerabilities in end-of-life routers. Routers dated 2010…
Headline
FBI warns of malicious text, voice-messaging campaign impersonating senior U.S. officials
The FBI’s Internet Criminal Complaint Center May 15 released an alert warning of a malicious text and voice messaging campaign involving impersonators…
Headline
AHA blog — 3 Must-know Cyber and Risk Realities: What’s Ahead for Health Care in 2025 
In his latest AHA Cyber Intel blog, John Riggi, AHA national advisor for cybersecurity and risk, examines the state of cyber and physical threats in 2025 as…
Headline
Report: Health care had most reported cyberthreats in 2024 
Health care had more cyberthreats last year than any other critical infrastructure industry, according to the FBI's 2024 Internet Crime Report released April…
Headline
NSA report includes recommendations for OT device security
The National Security Agency April 23 released a report on operational technology systems that includes recommendations for security policies and technical…
Chairperson's File
Chair File: Leadership Dialogue — Cybersecurity in Health Care with John Riggi, AHA’s National Advisor for Cybersecurity and Risk
Public
Cybersecurity and physical threats are unfortunately significant enterprise risks for health care, regardless of size or location. Every hospital, physician…