Chinese hackers Volt Typhoon are back and are rebuilding their botnet to target new victims


  • Volt Typhoon is quickly rebuilding its botnet from older routers
  • Traffic is obfuscated by web shells and MIPS-based malware
  • Critical infrastructure needs to be upgraded away from EOL devices

US allies and authorities recently dismantled parts of a network of older small office and home office (SOHO) routers infected with the KV Botnet malware, used by the infamous Volt Typhoon group to attack US critical infrastructure.

However, a massive new botnet targeting the same vulnerable legacy edge devices within critical infrastructure is growing rapidly, and the SecurityScorecard STRIKE team thinks it’s Volt Typhoon rising from the ashes.