Volt Typhoon returns with a new botnet attack on US critical infrastructure

Mode of operation

The Volt Typhoon strategy is defined by durability and flexibility. Instead of retreating when discovered, the group is strengthening its position, exploiting long-overlooked vulnerabilities in the Cisco RV320/325 and Netgear ProSafe routers.

The botnet infrastructure of the PRC-backed hackers is designed to avoid detection. They use servers across Europe and Asia-Pacific to hide their command and control (C2) operations. The group’s strategy also includes hiding its activity behind network providers in countries such as the Netherlands, Latvia, and Germany, the report said.

“All layers of the Volt Typhoon infrastructure are designed to integrate malicious activities into everyday operations, making them harder to detect and even harder to remove – especially in sectors like government and critical infrastructure that still rely on outdated technology,” the report added.
