Hundreds of outdated Fortinet, Cisco, and Netgear small office/home office (SOHO) routers, some of which were in high-value networks, have been leveraged by Chinese advanced persistent threat operation Volt Typhoon to form the sophisticated KV-botnet and establish a covert data transfer network, reports SecurityWeek.
In addition to SOHO routers that have reached end-of-life, the KV-botnet has recently been updated to include compromised Axis IP cameras, according to Lumen Technologies' Black Lotus Labs.
"Taking note of the structural changes, targeting of new device types like IP cameras, and mass exploitation in early December, we suspect this could be a precursor to increased activity during the holiday season," said the report.
More threat actors are also expected to target compromised routers and firewalls in their operations.
"There is a large supply of vastly out-of-date and generally considered end-of-life edge devices on the internet, no longer eligible to receive patches. Additionally, because these models are associated with home and small business users, it's likely many targets lack the resources and expertise to monitor or detect malicious activity and perform forensics," said Black Lotus Labs researcher Danny Adamitis.