
FBI Warning: Chinese Hackers Have Infiltrated a Massive Number of US Routers
In a stark warning to the American public, federal officials have revealed that a sophisticated Chinese state-sponsored hacking group has compromised a vast network of home and small office routers across the United States. The group, known as “Salt Typhoon,” has been leveraging this network to pre-position for future cyberattacks against America’s critical infrastructure.
This isn’t a distant threat; it’s a quiet invasion that has already taken place inside the devices that connect millions of Americans to the internet. Here’s what you need to know about the threat and how to protect yourself.
Who is Salt Typhoon?
Salt Typhoon is a highly skilled hacking group linked to the People’s Republic of China. Unlike criminals focused on financial gain, their objectives are strategic and align with espionage and national security interests. Their primary goal is to gain persistent, long-term access to US networks.
Instead of launching noisy, direct attacks that are easily detected, Salt Typhoon specializes in a stealthy technique known as “living off the land.” This means they use the built-in tools and functionalities of the systems they compromise, making their malicious activity incredibly difficult to distinguish from normal network traffic.
The ‘KV-Botnet’: A Hidden Army of Compromised Routers
The core of Salt Typhoon’s operation is a botnet—a network of hijacked devices—dubbed the KV-botnet. By infiltrating hundreds of thousands of routers, the group has created a massive, distributed web of attack points.
Here’s how it works:
- Exploiting Vulnerabilities: The hackers target routers that are no longer supported by their manufacturers. These “end-of-life” (EOL) devices, particularly older models from brands like Cisco and Netgear, stop receiving crucial security updates, leaving them wide open to known exploits.
- Creating a Proxy Network: Once a router is compromised, Salt Typhoon uses it as a proxy. This means they route their malicious traffic through the infected home or office router, effectively masking their true origin. To any security system, an attack on a power plant or water facility would appear to be coming from a random small business or residence in the US, not from China.
- Lying Dormant: This network of compromised devices gives the hackers a persistent foothold inside the country. They can lie low for months or even years, waiting for the opportune moment to launch a disruptive attack.
The FBI has successfully taken court-authorized action to disrupt the KV-botnet in an operation codenamed “Operation DYSTOPIAN GIRAFFE.” While this operation severed the connection between many of the compromised routers and the hackers’ command-and-control servers, the underlying vulnerability on the devices remains.
A Direct Threat to Critical Infrastructure
The ultimate target of Salt Typhoon isn’t your personal data; it’s the foundational services that keep the country running. Officials have explicitly stated that this network was being prepared for potential attacks on our power grids, communication systems, water treatment facilities, and transportation networks.
By compromising everyday routers, the group has built the infrastructure needed to cause widespread chaos and disruption at a moment’s notice, particularly in the event of a major geopolitical conflict.
Actionable Steps: How to Protect Your Network
The FBI emphasizes that this is not a problem that can be solved by government action alone. Individual and small business vigilance is critical. Securing your router is no longer just about protecting your Wi-Fi; it’s a matter of national security.
Follow these essential steps immediately to secure your network:
- Reboot Your Router: A simple restart can temporarily disrupt the malware installed by Salt Typhoon. While not a permanent fix, it’s a crucial first step.
- Install All Firmware Updates: Log in to your router’s administration panel and check for any available firmware updates. Manufacturers release these updates to patch security holes. If you don’t know how, search online for your router’s model number and “how to update firmware.”
- Replace End-of-Life Hardware: This is the most important step. If your router is more than a few years old, check the manufacturer’s website to see if it is still supported. If your device is no longer receiving security updates, you must replace it. An outdated router is a permanent, unlocked door for hackers.
- Use a Strong, Unique Admin Password: The default password on your router (often “admin” or “password”) is a major security risk. Change it to a long, complex password that is not used for any other account.
- Disable Remote Management: Most routers have a feature that allows them to be accessed from outside your home network. Unless you have a specific and expert-level need for this, disable remote management (often called “WAN management” or “Remote Access”) in your router’s settings.
Your home network is a frontline in an ongoing cyber conflict. By taking these simple yet powerful steps, you can protect not only your own data but also play a vital role in safeguarding the nation’s critical infrastructure from a persistent and dangerous threat.
Source: https://go.theregister.com/feed/www.theregister.com/2025/08/28/fbi_cyber_cop_salt_typhoon/