The Volt Typhoon threat group has quickly restored operations after an earlier crackdown, now using outdated routers as critical entry points for their malicious activities.
According to SecurityScorecard, the group's use of compromised Cisco RV320/325 routers enables them to disguise their operations effectively, presenting their actions as normal network traffic.
In a mere 37 days, Volt Typhoon managed to compromise 30% of the visible Cisco RV320/325 routers, indicating the group's increased sophistication.
Their approach involves sophisticated MIPS-based malware and tactics like webshell implants, ensuring persistent access and control over the compromised routers.