Your home office may have helped China attack critical U.S. infrastructure — here’s how

Officials with the Department of Justice announced on Wednesday that they had completed a court-authorized sweep of hundreds of home- and small-office routers around the country that had been infected with a malicious program called the “KV botnet.”

Computer-security experts had identified the malware last year as part of an operation called “Volt Typhoon,” launched by state-sponsored hackers in China to target infrastructure systems in the U.S.  

Investigators say the hackers used the compromised routers to evade detection in a technique known as “living off the land.”

Experts say botnets of this type are often hard to detect as they don’t typically disrupt the normal operation of the device. Corporate systems tend to be less susceptible because companies usually employ IT techs to monitor for such intrusions. 

Prosecutors say most of the infected routers, which were manufactured by Cisco Systems Inc.
CSCO,
-3.78%
and NetGear Inc.
NTGR,
-2.80%,
had reached “end-of-life” status, meaning they were no longer being supported by the companies with updates to their security patches. 

In a statement, the DOJ said the court-authorized operation automatically deleted the malware from the infected routers or blocked them from communicating with devices that were being used to control them.  

“China’s hackers are targeting American civilian critical infrastructure, pre-positioning to cause real-world harm to American citizens and communities in the event of conflict” said FBI Director Christopher Wray. “Volt Typhoon malware enabled China to hide as they targeted our communications, energy, transportation, and water sectors.” 

A message left with the Chinese embassy in Washington, D.C. wasn’t immediately returned.

Officials said that the operation didn’t disrupt the functioning of any of the hacked routers or collect any information from them. Anyone whose equipment was affected will receive notice from the FBI.