US, others potentially targeted by new Volt Typhoon attacks exploiting Cisco router bugs

The U.S., Australia, India, and the UK are having their government institutions subjected to new attacks by Chinese advanced persistent threat operation Volt Typhoon leveraging a pair of critical vulnerabilities in end-of-life Cisco small business RV320/325 VPN routers, tracked as CVE-2019-1652 and CVE-2019-1653, according to SecurityWeek. Nearly 30% of vulnerable Cisco routers have been compromised by Volt Typhoon over 37 days, with one of the devices based on New Caledonia believed to have been used to facilitate improved targeting, a report from SecurityScorecard revealed. Researchers also discovered that Volt Typhoon's botnet infrastructure had communications with 27 IP addresses hosting 69 sites belonging to the targeted countries' government entities. "While public reporting on Volt Typhoon has not previously noted its targeting of Australian or UK government assets in addition to U.S. ones, such activity would be in keeping with PRC nation-state cyber activity more generally, as these countries' roles in the Western alliance system (including their Five Eyes and AUKUS membership) have contributed to their frequent targeting by China-linked APT group," said researchers.