The modus operandi
Volt Typhoon’s approach is defined by its resilience and flexibility. Instead of retreating when detected, the group deepens its foothold, exploiting long-overlooked vulnerabilities in legacy Cisco RV320/325 and Netgear ProSafe routers.
The PRC-backed group’s botnet infrastructure is built to avoid detection. It uses servers across Europe and the Asia-Pacific region to mask its command-and-control (C2) operations. The group’s approach includes hiding traffic by routing it through network providers in countries such as the Netherlands, Latvia, and Germany, the report said.
“Each layer of Volt Typhoon’s infrastructure is designed to blend malicious activity into everyday operations, making it difficult to detect and even harder to remove — particularly in sectors like government and critical infrastructure that still rely on outdated technology,” the report added.