According to this January 31, 2024 article in Ars Technica:
Chinese malware removed from SOHO routers after FBI issues covert commands
Routers were being used to conceal attacks on critical infrastructure.
The US Justice Department said Wednesday that the FBI surreptitiously sent commands to hundreds of infected small office and home office routers to remove malware China state-sponsored hackers were using to wage attacks on critical infrastructure.
The routers—mainly Cisco and Netgear devices that had reached their end of life—were infected with what’s known as KV Botnet malware, Justice Department officials said.
So is there any kind of comprehensive list of devices affected by this KV botnet malware?
Checking this articles:
- Chinese APT Volt Typhoon Linked to Unkillable SOHO Router Botnet (Security Week; December 13, 2023)
- Routers Roasting On An Open Firewall: The KV-Botnet Investigation (Lumen; December 13, 2023)
Provides some info on affected devices like these:
- NETGEAR ProSAFE managed switches.
- Cisco routers (RV320 and RV325).
- DrayTek Vigor routers.
- Axis IP cameras (M1045-LW, M1065-LW, and p1367-E).
But is there any clear list that clearly identifies what make and model of devices are affected?
