Endpoint/Device Security, Threat Intelligence

US, others potentially targeted by new Volt Typhoon attacks exploiting Cisco router bugs

Government institutions in the U.S., Australia, India, and the UK are being targeted in new attacks by Chinese advanced persistent threat operation Volt Typhoon, which is leveraging a pair of critical vulnerabilities in end-of-life Cisco small business RV320/325 VPN routers, tracked as CVE-2019-1652 and CVE-2019-1653, according to SecurityWeek. Nearly 30% of vulnerable Cisco routers have been compromised by Volt Typhoon over 37 days, with one of the devices, based in New Caledonia, believed to have been used to facilitate improved targeting, a report from SecurityScorecard revealed. Researchers also discovered that Volt Typhoon's botnet infrastructure had communicated with 27 IP addresses hosting 69 sites belonging to the targeted countries' government entities. "While public reporting on Volt Typhoon has not previously noted its targeting of Australian or UK government assets in addition to U.S. ones, such activity would be in keeping with PRC nation-state cyber activity more generally, as these countries' roles in the Western alliance system (including their Five Eyes and AUKUS membership) have contributed to their frequent targeting by China-linked APT groups," said researchers.
