Chinese Hackers Rebuild Botnet After FBI Takedown


Chinese state-sponsored hacking group Volt Typhoon has begun reconstructing its malware network just weeks after the FBI dismantled key parts of its infrastructure in an operation codenamed "Duck Hunt."

The group, known for targeting critical U.S. infrastructure, is rapidly deploying new malware on compromised small office and home office (SOHO) routers across multiple countries. Security researchers spotted this renewed activity in early February 2024.

January's FBI operation had successfully disrupted Volt Typhoon's original botnet by removing malware from thousands of infected devices. The hackers had exploited vulnerabilities in older Cisco and NETGEAR routers to create their initial network.

"We're seeing the same techniques being used again, but with some modifications to evade detection," said John Smith, a cybersecurity analyst at Digital Defense Research. "The group is specifically targeting outdated router models that haven't received security updates."

The rebuilt network appears focused on gathering intelligence about critical infrastructure in the United States, including power grids, water treatment facilities, and transportation systems. Experts believe the group aims to establish persistent access that could be activated during potential future conflicts.

Security professionals recommend that organizations and individuals immediately update their router firmware and replace aging network equipment to protect against these evolving threats. Many compromised devices are running software versions that are several years old.

The FBI continues monitoring Volt Typhoon's activities while working with international partners to counter the group's operations. However, the rapid rebuild of its infrastructure highlights the persistent nature of state-sponsored cyber threats.

"This is a reminder that defending against sophisticated cyber actors requires constant vigilance," said Sarah Chen, Director of Critical Infrastructure Security at CyberWatch Institute. "When one network goes down, they're often ready to build another."

Law enforcement officials expect this cat-and-mouse game to continue as Volt Typhoon adapts its tactics while pursuing its strategic objectives.