SOHO Router Attacks

The FBI said in February that a China-linked threat group was found to have hijacked “hundreds” of small office/home office (SOHO) routers based in the U.S. as part of a campaign to compromise U.S. critical infrastructure providers. The FBI said it succeeded at disrupting the efforts of the group, known as Volt Typhoon, which is backed by the Chinese government. Targets of the Volt Typhoon attacks included providers of critical services such as communications, energy, water and transportation, the FBI said.

The routers compromised by the group together formed an assembly of malware-infected devices, known as a botnet, which the threat group could use for launching an attack against U.S. critical infrastructure, the FBI said.

Later in February, the FBI said it disrupted a widespread campaign by Russia-aligned hackers that had compromised “hundreds” of SOHO routers. The attacks were pinned on the Russian intelligence agency GRU, which had also been attempting to use the hijacked routers as a botnet for the purposes of espionage, according to the FBI.
