Volt Typhoon
Coverage of Volt Typhoon in the Nexus archive.
- Chinese agents caught rebuilding botnets and stirring the pot on AI datacenter debate
Chinese operatives are rebuilding botnets like Volt Typhoon, with the JDY cluster now comprising over 1,500 compromised devices targeting US military and infrastructure. They also used American AI tools like ChatGPT for influence operations promoting narratives about AI datacenters increasing energy costs, though these efforts lacked significant engagement.
- China-linked JDY botnet expands targeting of U.S. military networks
The JDY botnet, linked to Chinese threat actors like Volt Typhoon, has expanded its targeting of U.S. military networks through increased reconnaissance efforts. The malware network has significantly broadened its scope of cyber operations.
- CISA wants critical infrastructure to operate ‘weeks to months’ in isolation during conflict
The Cybersecurity and Infrastructure Security Agency is urging critical infrastructure owners to plan for delivering essential services under emergency conditions, potentially for months at a time, due to threats from state-sponsored hackers. The agency is working with the private sector to protect operational technology from attacks. The initiative, known as CI Fortify, aims to create plans for safe operations while isolated from IT networks and third-party tools.
- A dozen allied agencies say China is building covert hacker networks out of everyday routers
A dozen allied agencies warn that China-nexus cyber actors are using large-scale covert networks composed of compromised SOHO routers and IoT devices to conduct cyberattacks. These networks enable low-risk, deniable operations for reconnaissance, malware delivery, and espionage, with examples like the Raptor Train botnet. The advisory highlights a strategic shift in tactics and urges organizations to adopt defensive measures.