It’s an unintended consequence of the boom in home offices.
Federal investigators say they have broken up a vast network of compromised home-office routers that had been used by hackers in China to help attack critical infrastructure in the U.S.
Department of Justice officials announced Wednesday that they had completed a court-authorized sweep of hundreds of home- and small-office routers around the country that had been infected with a malicious program called the “KV botnet.”
Computer-security experts identified the malware last year as part of an operation called “Volt Typhoon,” launched by state-sponsored hackers in China to target infrastructure systems in the U.S.
Investigators say the hackers used the compromised routers to evade detection through a technique known as “living off the land,” in which they blend in with normal computer system and network activities.
Botnets of this type are often hard to detect, as they don’t typically disrupt the normal operation of the device, experts say. Corporate systems tend to be less susceptible because companies usually employ IT techs to monitor for such intrusions.
Prosecutors say most of the infected routers, which were manufactured by Cisco Systems Inc. and NetGear Inc., had reached “end of life” status, meaning they were no longer being supported by the companies with security patches and updates.
In a statement, the DOJ said the court-authorized operation automatically deleted the malware from the infected routers or blocked them from communicating with devices that were being used to control them.
“China’s hackers are targeting American civilian critical infrastructure, pre-positioning to cause real-world harm to American citizens and communities in the event of conflict,” said Federal Bureau of Investigation Director Christopher Wray. “Volt Typhoon malware enabled China to hide as they targeted our communications, energy, transportation and water sectors.”
Liu Pengyu, a spokesman for the Chinese embassy in Washington, D.C., said the government in Beijing “has been categorical in opposing hacking attacks and the abuse of information technology.”
“The United States has the strongest cyber technologies of all countries, but has used such technologies in hacking, eavesdropping more than others. We urge the U.S. side to stop making irresponsible criticism against other countries on the issue of cyber-security,” he said.
U.S. officials said the operation didn’t disrupt the functioning of any of the hacked routers or collect any information from them. Anyone whose equipment was affected will receive notice from the FBI.