Cyber Security News

US Disrupts Chinese Botnet that Hijacks SOHO Routers

In a decisive action, the U.S. Department of Justice (DOJ) has disrupted a cyber operation by Chinese state-sponsored hackers.

This operation, codenamed Volt Typhoon, targeted American critical infrastructure using a vast network of compromised routers.

Hundreds of small office/home office (SOHO) routers, primarily Cisco and Netgear models past their “end-of-life” status, were infected with the “KV Botnet” malware.

This malware served as a hidden gateway, allowing the attackers to conceal their activities and target critical infrastructure across the nation.


Taking Back Control: A Court-Authorized Cleanup:

Through a landmark court order, the DOJ conducted a meticulous operation to dismantle this cyber threat. 

The compromised routers were remotely accessed and cleansed of the malicious software. 

Additionally, measures were taken to sever their connection to the botnet, effectively neutralizing them as tools for further attacks.

A Multi-Pronged Defense:

This operation went beyond mere malware removal. The DOJ and its partners, including the FBI, CISA, and private sector entities, are proactively safeguarding critical infrastructure and educating the public. 

Here’s a breakdown of their efforts:

  • Victim Notification: All router owners affected by the operation are being notified, ensuring awareness and potential mitigation actions.
  • Public Awareness: Extensive guidance is being released to help individuals and organizations identify and address network vulnerabilities.
  • Cyber Hygiene Emphasis: The importance of timely security updates and replacing outdated equipment is being stressed to prevent future exploitation.
Sujatha

Sujatha is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under her belt in Cyber Security, she is covering Cyber Security News, technology and other news.
