Home Networks at Risk: US Agencies Sound Alarm on SOHO Router Attacks

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have issued a warning to American organizations regarding the escalating threat of cyberattacks targeting small office/home office (SOHO) routers.

Particular attention is drawn to assaults orchestrated by the Chinese hacker group Volt Typhoon (also known as Bronze Silhouette), which has recently been actively attempting to seize control of such devices within various American entities.

Although the latest wave of attacks was successfully repelled, router manufacturers have been advised to prioritize cybersecurity measures for network devices more than ever before.

Specifically, it is recommended to eliminate all potential vulnerabilities in router management web interfaces and other network equipment during the design and development stages, if at all possible.


Security experts have proposed several effective strategies, such as changing routers' default configuration so that firmware updates are applied automatically, requiring manual confirmation before security settings can be disabled, and restricting access to the router management interface to devices connected to the local network only.

On one hand, this may slightly reduce the functionality and potential use cases of routers, but on the other, it will eliminate the majority of, if not all, external security threats.
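The three recommendations above translate directly into checks that can be run against a device's configuration. The following script is an added example, not code from the advisory or from any router vendor; the configuration layout and field names (`firmware.auto_update`, `security.confirm_before_disable`, `management.allow_from`, `management.wan_access`, `lan_subnet`) are hypothetical, constructed here so the audit can run offline. It reports each weak setting and produces a hardened copy of the configuration that satisfies all three recommendations.

```python
"""Audit a SOHO router configuration against three hardening
recommendations: automatic firmware updates, confirmation before
disabling protections, and LAN-only access to the management
interface. The config format is hypothetical (constructed for this
example); real routers expose these settings under vendor-specific names."""
import copy
import ipaddress

# RFC 1918 address space: management access is considered "LAN-only"
# when every allowed source range lies entirely inside one of these.
PRIVATE_NETS = [
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
]


def is_lan_only(source_cidr):
    """True if the whole of source_cidr falls inside RFC 1918 space."""
    net = ipaddress.ip_network(source_cidr, strict=False)
    return any(
        net.version == private.version and net.subnet_of(private)
        for private in PRIVATE_NETS
    )


def audit(config):
    """Return a list of findings; an empty list means all three checks pass."""
    findings = []
    if not config.get("firmware", {}).get("auto_update", False):
        findings.append("firmware: automatic updates are disabled")
    if not config.get("security", {}).get("confirm_before_disable", False):
        findings.append("security: protections can be disabled without confirmation")
    mgmt = config.get("management", {})
    for rule in mgmt.get("allow_from", []):
        if not is_lan_only(rule):
            findings.append(f"management: interface reachable from {rule}, which is not LAN-only")
    if mgmt.get("wan_access", False):
        findings.append("management: remote administration over the WAN is enabled")
    return findings


def harden(config):
    """Return a copy of config with the three recommendations applied."""
    fixed = copy.deepcopy(config)
    fixed.setdefault("firmware", {})["auto_update"] = True
    fixed.setdefault("security", {})["confirm_before_disable"] = True
    mgmt = fixed.setdefault("management", {})
    mgmt["wan_access"] = False
    # Keep only allow-rules that are already private; if none remain,
    # fall back to the router's own LAN subnet.
    lan_rules = [r for r in mgmt.get("allow_from", []) if is_lan_only(r)]
    mgmt["allow_from"] = lan_rules or [fixed.get("lan_subnet", "192.168.0.0/16")]
    return fixed


# Constructed sample: a factory-style configuration with remote admin open.
WEAK_CONFIG = {
    "lan_subnet": "192.168.1.0/24",
    "firmware": {"auto_update": False},
    "security": {"confirm_before_disable": False},
    "management": {"allow_from": ["0.0.0.0/0"], "wan_access": True},
}

# Constructed sample: the same device after the recommendations are applied.
HARDENED_CONFIG = {
    "lan_subnet": "192.168.1.0/24",
    "firmware": {"auto_update": True},
    "security": {"confirm_before_disable": True},
    "management": {"allow_from": ["192.168.1.0/24"], "wan_access": False},
}

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"{name}: {audit(cfg) or ['no findings']}")
    print("after harden():", audit(harden(WEAK_CONFIG)) or ["no findings"])
```

The `allow_from` check treats any rule that reaches outside RFC 1918 space as a finding, so a rule such as `0.0.0.0/0` is flagged even when the separate `wan_access` flag is off; the two settings are audited independently because a device can expose its web interface through either path.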

Inexpensive routers are highly popular among small organizations as well as in the homes of many Americans. The ability to access these devices over the Internet renders them vulnerable to being commandeered into botnet armies by malefactors and subsequently used to orchestrate DDoS attacks, including those aimed at the country’s critical infrastructure.

CISA has specifically highlighted the activities of the Volt Typhoon group, associated with Chinese cyber espionage and targeting SOHO routers since August 2022, using the “KV-botnet” malware.

In June 2023, a US government advisory body assessed that this group is working on creating infrastructure that could potentially be used to disrupt communications throughout the United States.

A report by Microsoft in May of the previous year noted that since mid-2021, Chinese hackers have regularly attacked and penetrated critical infrastructure organizations in the US, including in Guam, which hosts several American military bases.

Volt Typhoon is known for compromising routers, firewalls, and VPN devices and routing its malicious traffic through them, so that the traffic blends in with legitimate activity and evades detection during attacks. In addition to military facilities, such covert networks have repeatedly been used against American telecommunications and internet providers, as well as various governmental entities, including critical infrastructure.

As previously reported, the US government has already partially neutralized the Volt Typhoon infrastructure, but nothing prevents the hackers from reorganizing their network and returning later with an even more massive and destructive attack.