The SecurityScorecard STRIKE Team has uncovered a renewed threat from the state-sponsored cyber-espionage group Volt Typhoon, which targets critical infrastructure using outdated devices like Cisco and Netgear routers. Once thought to be dismantled, Volt Typhoon has become more sophisticated, compromising 30% of visible Cisco RV320/325 routers in just 37 days. Their tactics include operating a botnet named JDYFJ, which masks itself using encrypted channels. A significant concern is the reliance on legacy technology, which makes sectors like energy vulnerable; a report by SecurityScorecard and KPMG indicates that third-party breaches account for 45% of incidents in the U.S. energy sector. As global law enforcement disrupts parts of the botnet, Volt Typhoon quickly adapts by establishing new command servers.
Why do we care?
This was highlighted by two security experts while I was at IT Nation as one of their biggest concerns – rogue access to core infrastructure. The obvious answer is “make sure your customers are not exposed”, but also to push for better vendor responsibility here.

