FBI Director Christopher Wray announced today that the FBI has shut down an attempt by Chinese-backed hackers to disrupt U.S. critical infrastructure, such as water treatment plants, oil and gas pipelines, and transportation systems. In a House committee hearing today, he described how the Chinese-backed hacker group code-named “Volt Typhoon” had targeted and successfully infiltrated hundreds of office and home-office routers, allowing the hackers to create a botnet of the affected routers and access data of the victims.
Instead of just making a blanket announcement cautioning potential victims, the FBI, under a court order, went into the affected routers and removed the KV Botnet malware from them. The move underscores that the FBI and other government agencies may take action to protect critical infrastructure, even if the operators of that infrastructure do not.
Many of the affected routers were “end of life” and no longer supported by their respective manufacturers. This emphasizes the need for businesses of all sizes (especially those involved in critical infrastructure) to keep both hardware and software of their network infrastructure up to date, and to replace devices that are end of life and no longer supported.