DOJ, FBI Stop Botnet From China-Led Hacking Operation

The FBI and the Department of Defense have disabled a botnet from a Chinese government-directed hacking campaign called Volt Typhoon.

According to court records released on Monday, an unidentified FBI official said that the bureau disrupted the botnet on infected routers by deleting the KV Botnet malware from devices without impacting their data and function.

Reuters was the first to report on the operation on Monday, and it comes after Volt Typhoon was first exposed in a May 2023 Microsoft advisory, CyberScoop reported.

Speaking at a congressional hearing on Wednesday, FBI Director Christopher Wray said that Chinese hackers are well-positioned to attack U.S. infrastructure and could cause real-world harm to Americans. CISA Director Jen Easterly said during the same hearing that the threat is not theoretical, as her team has found and eradicated China-led operations on a variety of critical infrastructure networks.

In May 2023, the Five Eyes intelligence alliance issued a joint cybersecurity advisory warning the international community of the threat brought about by the Volt Typhoon. The document details the primary tactics, techniques and procedures of the state-sponsored malicious actor.