Recently, the Department of Justice announced that a “December 2023 court-authorized operation disrupted a botnet of hundreds of U.S.-based small office/home office (SOHO) routers hijacked by People’s Republic of China (PRC) state-sponsored hackers.” This operation required the DOJ to delete the botnet coding from the routers in question and block any communications that were made with other devices attempting to control the botnet.
As we have frequently noted, there is a lot of media attention and discussion surrounding cyberattacks carried out on private business routers. However, there is comparably less attention on attacks that target home networks. It has been reported that many of the SOHO routers belonged to Cisco and NetGear devices that were no longer supported via security patches or other software updates. These devices were not necessarily linked to a particular organization or private security system. Instead, this botnet hack represented an attack on civilian devices, which represents a troubling trend.
United States citizens are usually off-limits for foreign attackers, but this botnet suggests that the rules might be changing. According to FBI Director Chris Wray, “China’s hackers are targeting American civilian critical infrastructure, pre-positioning to cause real-world harm to American citizens and communities in the event of conflict.” This suggests that China might be accelerating the development of its cyber operations to confront the United States in a military conflict. These attacks are likely to increase over time, according to experts, which represents a change in China’s military policy.
One major takeaway from this attack is that it is critical to routinely update your software. Although that was not possible in this instance, the PRC’s botnet would not have been operational if everyone involved had routers whose security was still supported by the companies that made them. Another takeaway is that personal routers are critical targets—even by foreign nations. As China threatens to cripple vital U.S. assets and systems, we can no longer assume that civilians are out of harm’s way. However, the good news is that we have many systems in place for individuals to defend against such attacks. Start by investing in your personal security and making sure you have top-of-the line router protection.
Crimeware