Chinese Group Targets Outdated Routers

January 16, 2024

The Chinese state-sponsored hacking group Volt Typhoon is reportedly targeting end-of-life Cisco routers and network devices in the U.S., U.K., and Australia, according to a report by SecurityScorecard’s STRIKE Team. The researchers found infrastructure allegedly linked to Volt Typhoon, a group previously implicated in high-profile incidents. The hackers exploit vulnerabilities CVE-2019-1653 and CVE-2019-1652, which affect Cisco RV320/325 routers discontinued in 2019. Approximately 30% of observed devices were compromised, suggesting an active presence. The attackers' sophisticated strategy of focusing on legacy systems highlights the importance of addressing vulnerabilities in unsupported hardware.

Volt Typhoon, a Chinese government espionage unit, is reportedly targeting end-of-life Cisco routers and network devices in the U.S., U.K., and Australia, according to SecurityScorecard’s STRIKE Team. The researchers discovered new infrastructure linked to Volt Typhoon, which is exploiting vulnerabilities in Cisco RV320/325 routers, a product line discontinued in 2019. The attackers leverage CVE-2019-1653 and CVE-2019-1652 and compromised approximately 30% of observed devices in a 37-day period. This strategic shift toward exploiting unsupported hardware underscores the risk that outdated systems pose to cybersecurity defenses.

The success of the Volt Typhoon campaign in exploiting end-of-life Cisco routers signifies a strategic shift towards targeting legacy systems, according to Callie Guenther, Senior Manager of Cyber Threat Research at Critical Start. Organizations often neglect outdated hardware, underestimating the risks associated with unsupported systems. Guenther notes that Volt Typhoon’s success may encourage similar adversaries to target legacy systems, reflecting an evolution in Chinese state-sponsored cyber groups’ capabilities. The sophistication of the campaign indicates enhanced technical proficiency and a deeper understanding of global cyber infrastructure vulnerabilities.

Experts note that compromised end-of-life Cisco routers, such as the RV320/325 series, form part of powerful botnet armies used by cybercriminals and nation-states. Obsolete routers, often managed by individuals outside IT departments, present a cybersecurity risk that is frequently underestimated. The increased traffic between known Volt Typhoon infrastructure and infected Cisco routers may indicate preparations for upcoming attacks or efforts to ensure their continued operability. U.S. officials have expressed concern about Chinese state hackers’ deep access to utilities around U.S. military bases, emphasizing the shift from data theft to targeting critical infrastructure for potential disruption or attacks.

Reference:
  • Volt Typhoon Compromises 30% of Cisco RV320/325 Devices in 37 Days
Tags: Australia, China, Cisco, Cyber Alert, Cyber Alerts 2024, Cyber Risk, Cyber threat, January 2024, Routers, United Kingdom, USA, Volt Typhoon