CINXE.COM
Volt Typhoon and its botnet surge back with a vengeance • The Register
<!doctype html> <html lang="en"> <head> <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> <title>Volt Typhoon and its botnet surge back with a vengeance • The Register</title> <meta name="robots" content="max-snippet:-1, max-image-preview:standard, max-video-preview:0"> <meta name="viewport" content="initial-scale=1.0, width=device-width"/> <meta property="og:image" content="https://regmedia.co.uk/2024/01/30/voltage.jpg"/> <meta property="og:type" content="article" /> <meta property="og:url" content="https://www.theregister.com/2024/11/13/china_volt_typhoon_back/" /> <meta property="og:title" content="Volt Typhoon and its botnet surge back with a vengeance" /> <meta property="og:description" content="Ohm, for flux sake" /> <meta name="twitter:card" content="summary_large_image"> <meta name="twitter:site" content="@TheRegister"> <script type="application/ld+json"> { "@context":"http://schema.org", "@type":"NewsArticle", "mainEntityOfPage":{"@type":"WebPage","@id":"https://www.theregister.com/2024/11/13/china_volt_typhoon_back/"}, "headline":"China's Volt Typhoon crew and its botnet surge back with a vengeance", "datePublished":"2024-11-13T00:58:10Z", "dateModified":"2024-11-13T00:54:52Z", "image":{"@type":"ImageObject","url":"https://regmedia.co.uk/2024/01/30/voltage.jpg","width":"1024","height":"1024"}, "author":{"@type":"Person","name":"Jessica Lyons"}, "publisher":{"@type":"Organization","name":"The Register","url":"https://www.theregister.com/","logo":{"@type":"ImageObject","url":"https://www.theregister.com/design_picker/1fea2ae01c5036112a295123c3cc9c56eb28836a/graphics/std/red_logo_sans_strapline.png","width":330,"height":55}} } </script> <script> var RegZoot = { }; var RegCC = [ ]; var RegPageType = 'Story'; var RegTruePageType = 'www story'; </script> <link rel="canonical" href="https://www.theregister.com/2024/11/13/china_volt_typhoon_back/"> <link rel="amphtml" href="https://www.theregister.com/AMP/2024/11/13/china_volt_typhoon_back/"> <script src="/Design/javascript/html5shiv.min.js"></script> <script> // IE8 only polyfilly for eventListener // source: https://developer.mozilla.org/en-US/docs/Web/API/EventTarget/addEventListener#Compatibility !function(){if(Event.prototype.preventDefault||(Event.prototype.preventDefault=function(){this.returnValue=!1}),Event.prototype.stopPropagation||(Event.prototype.stopPropagation=function(){this.cancelBubble=!0}),!Element.prototype.addEventListener){var e=[],t=function(t,n){var o=this,r=function(e){e.target=e.srcElement,e.currentTarget=o,void 0!==n.handleEvent?n.handleEvent(e):n.call(o,e)};if("DOMContentLoaded"==t){var a=function(e){"complete"==document.readyState&&r(e)};if(document.attachEvent("onreadystatechange",a),e.push({object:this,type:t,listener:n,wrapper:a}),"complete"==document.readyState){var p=new Event;p.srcElement=window,a(p)}}else this.attachEvent("on"+t,r),e.push({object:this,type:t,listener:n,wrapper:r})},n=function(t,n){for(var o=0;o<e.length;){var r=e[o];if(r.object==this&&r.type==t&&r.listener==n){"DOMContentLoaded"==t?this.detachEvent("onreadystatechange",r.wrapper):this.detachEvent("on"+t,r.wrapper),e.splice(o,1);break}++o}};Element.prototype.addEventListener=t,Element.prototype.removeEventListener=n,HTMLDocument&&(HTMLDocument.prototype.addEventListener=t,HTMLDocument.prototype.removeEventListener=n),Window&&(Window.prototype.addEventListener=t,Window.prototype.removeEventListener=n)}}(); document.attachEvent("onreadystatechange", function() { if (document.readyState === "complete") { // list of icons we want <= IE8 to replace with their png equivalents var svg_icons_png_equiv = [ // masthead icons (twitter + facebook are also shared for footer): 'reg_logo.svg', 'twitter.svg', 'facebook.svg', 'linkedin.svg', // navigation bar icons: 'vulture.svg', 'vulture_white.svg', 'search.svg', 'search_white.svg', // footer icons: 'sitpub_footer.svg', 'linkedin_white.svg', 'rss.svg', // lectures section icons: 'reglecture_logo.svg', // story template icons: 'reddit.svg', 'linkedin_alt.svg', 'linkedin.svg', 'calendar.svg', 'location.svg', 'rect_comment_bubble_white.svg', 'rect_comment_bubble_black.svg', 'envelope.svg', 'polls_unit_arrow.svg' ]; for (i = 0; i <= svg_icons_png_equiv.length - 1; i++) { var svg_icon = svg_icons_png_equiv[i]; var img_svg_icons = $('img[src$="' + svg_icon + '"]'); img_svg_icons.each(function() { $(this).attr('src', $(this).attr('src').replace('.svg','.png')); }); } var ad_params = { src: 'https://regmedia.co.uk/2018/06/15/gg2b_book.png', href: 'https://forms.theregister.com/gg2b/?td=iaomwtkie78' }; bird_alternative('ad_wp_top', ad_params); } }); </script> <script> var RegArticle={id:237216,pf:0,af:0,bms:0,sec:'on_prem/public_sector',cat:'update_me',ec:[],kw:[["china",'China'],["cybercrime",'Cybercrime'],["security",'Security']],kwp:[["apac",'APAC']],short_url:'https://reg.cx/4f1h',cp:0,noads:[],author:'Jessica Lyons'} </script> <link rel=stylesheet type="text/css" href="/css/e5c206ed408f082870465a2c478e657ff0db3937/scaffolding.css"> <link rel=stylesheet type="text/css" href="/css/e5c206ed408f082870465a2c478e657ff0db3937/design.css"> <style> #nav-on_prem, #nav-on_prem-public_sector { text-decoration: underline !important; } </style> <link rel='stylesheet' type='text/css' href='/css/e5c206ed408f082870465a2c478e657ff0db3937/story_only.css'> <link rel=stylesheet type="text/css" href="/css/e5c206ed408f082870465a2c478e657ff0db3937/rows_basic.css"> <link rel=alternate type="application/atom+xml" href="/headlines.atom" title="The Register: whole site"> <link rel=alternate type="application/atom+xml" href="/on_prem/public_sector/headlines.atom" title="The Register: Public Sector section"> <script> var RegCR = false; </script> <script src="/design_picker/14513432720673f1c1ee02761ba265b674b7bee1/javascript/_.js"></script> <script> RegGPT('reg_onprem/publicsector','0df13fad2ea597c71ae99fa84c3f976d','0df13fad2ea597c71ae99fa84c3f976d'); </script> <script async src="https://www.googletagmanager.com/gtag/js"></script> <link rel=search href="https://search.theregister.com/"> <link rel=search type="application/opensearchdescription+xml" title="El Reg Search" href="/Design/page/search.osd"> <link rel="icon" href="/design_picker/13249a2e80709c7ff2e57dd3d49801cd534f2094/graphics/favicons/favicon.ico" sizes="any"><!-- 32×32 --> <link rel="icon" href="/design_picker/13249a2e80709c7ff2e57dd3d49801cd534f2094/graphics/favicons/favicon.svg" type="image/svg+xml"> <link rel="apple-touch-icon" href="/design_picker/13249a2e80709c7ff2e57dd3d49801cd534f2094/graphics/favicons/apple-touch-icon.png"><!-- 180×180 --> <link rel="manifest" href="/design_picker/13249a2e80709c7ff2e57dd3d49801cd534f2094/graphics/favicons/site.webmanifest"> <meta name="msapplication-TileColor" content="#ff0000"> <meta name="msapplication-config" content="/design_picker/13249a2e80709c7ff2e57dd3d49801cd534f2094/graphics/favicons/browserconfig.xml"> <meta name="theme-color" content="#ff0000"> <script src="/Design/javascript/respond.min.js"></script> </head> <body class="fullwidth" data-pagetype='Story' data-iebrowser='7' data-pagenum="0"> <div id="page"> <div data-oop="1" data-pos="top" data-raptor="kite" aria-hidden="true" class="adun"></div> <div id="masthead"> <div class="los_amigos"> <div class="left_nav"> <a id="mob_user_link" href="https://account.theregister.com/register/" aria-label="Your Account"> <img class="account_icon" width="16" height="16" src="/design_picker/ae01b183a707a7db8cd5f2c947715ed56d335138/graphics/std/user_icon_white_extents_16x16.png" srcset="/design_picker/ae01b183a707a7db8cd5f2c947715ed56d335138/graphics/std/user_icon_white_extents.svg" alt=""> <img class="filled_icon" width="16" height="16" src="/design_picker/ae01b183a707a7db8cd5f2c947715ed56d335138/graphics/std/user_icon_white_filled_extents_16x16.png" srcset="/design_picker/ae01b183a707a7db8cd5f2c947715ed56d335138/graphics/std/user_icon_filled_white_extents.svg" alt=""> <span id="mob_user_text"><span>Sign in / up</span></span> </a> </div> <div class="center_nav"> <a href="https://www.theregister.com/" id="logo"> <img src="/design_picker/fa16d26efb42e6ba1052f1d387470f643c5aa18d/graphics/std/reg_logo_no_strapline.png" srcset="/design_picker/fa16d26efb42e6ba1052f1d387470f643c5aa18d/graphics/std/reg_logo_no_strapline.svg" width="190" height="35" alt="The Register® — Biting the hand that feeds IT"> </a> </div> <div class="right_nav"> <a href="https://search.theregister.com/" class="nav_search topnav_elem" data-name="Search" aria-label="Search"> <img width="16" height="16" src="/design_picker/ae01b183a707a7db8cd5f2c947715ed56d335138/graphics/std/magnifying_glass_white_extents_16x16.png" srcset="/design_picker/ae01b183a707a7db8cd5f2c947715ed56d335138/graphics/std/magnifying_glass_white_extents.svg" alt=""> </a> <div id="site_nav_mobile"> <noscript><div id="site_nav_mobile_hiding_stamp"></div></noscript> <button id="mobile_menu_toggle" aria-label="Open menu" type="button"> <img width="16" height="16" src="/design_picker/ae01b183a707a7db8cd5f2c947715ed56d335138/graphics/icon/burger_menu_white_16x16.png" srcset="/design_picker/ae01b183a707a7db8cd5f2c947715ed56d335138/graphics/icon/burger_menu_white_extents.svg" alt=""> <img width="16" height="16" src="/design_picker/ae01b183a707a7db8cd5f2c947715ed56d335138/graphics/icon/burger_menu_white_close_16x16.png" srcset="/design_picker/ae01b183a707a7db8cd5f2c947715ed56d335138/graphics/icon/burger_menu_white_close_extents.svg" alt=""> </button> </div> </div> </div> <div id="top_panel_wrapper"> <div id="top_panel"> <div class="block_section nav"> <div class="nav_col first_col"> <div class="nav_top_group"> <div class="nav_topics"> <div class="nav_head_bk"> <h2 class="main_head">Topics</h2> </div> <div> <nav> <div class="nav_elem"> <div class="cat_header"> <div id="nav-security"> <a href="#subnav-box-nav-security" data-toggle-for="subnav-box-nav-security" class="topnav_elem mob_only">Security</a> <h2 class="desk_only section_nav-security"> <a href="#subnav-box-nav-security" data-toggle-for="subnav-box-nav-security" class="topnav_elem desk_only">Security</a> </h2> </div> </div><div id="subnav-box-nav-security" class="subnav_box"><a href="https://www.theregister.com/security/" class="subnav_elem" id="nav-security-all"><span class="prefix_all">All </span>Security</a><a href="https://www.theregister.com/security/cyber_crime/" class="subnav_elem" id="nav-security-cyber_crime">Cyber-crime</a><a href="https://www.theregister.com/security/patches/" class="subnav_elem" id="nav-security-patches">Patches</a><a href="https://www.theregister.com/security/research/" class="subnav_elem" id="nav-security-research">Research</a><a href="https://www.theregister.com/security/cso/" class="subnav_elem" id="nav-security-cso">CSO</a> <noscript><a href="#masthead" class="subnav_elem close_box" aria-label="Top navigation">(X)</a></noscript> </div> </div><div class="nav_elem"> <div class="cat_header"> <div id="nav-off_prem"> <a href="#subnav-box-nav-off_prem" data-toggle-for="subnav-box-nav-off_prem" class="topnav_elem mob_only">Off-Prem</a> <h2 class="desk_only section_nav-off_prem"> <a href="#subnav-box-nav-off_prem" data-toggle-for="subnav-box-nav-off_prem" class="topnav_elem desk_only">Off-Prem</a> </h2> </div> </div><div id="subnav-box-nav-off_prem" class="subnav_box"><a href="https://www.theregister.com/off_prem/" class="subnav_elem" id="nav-off_prem-all"><span class="prefix_all">All </span>Off-Prem</a><a href="https://www.theregister.com/off_prem/edge_iot/" class="subnav_elem" id="nav-off_prem-edge_iot">Edge + IoT</a><a href="https://www.theregister.com/off_prem/channel/" class="subnav_elem" id="nav-off_prem-channel">Channel</a><a href="https://www.theregister.com/off_prem/paas_iaas/" class="subnav_elem" id="nav-off_prem-paas_iaas">PaaS + IaaS</a><a href="https://www.theregister.com/off_prem/saas/" class="subnav_elem" id="nav-off_prem-saas">SaaS</a> <noscript><a href="#masthead" class="subnav_elem close_box" aria-label="Top navigation">(X)</a></noscript> </div> </div><div class="nav_elem"> <div class="cat_header"> <div id="nav-on_prem"> <a href="#subnav-box-nav-on_prem" data-toggle-for="subnav-box-nav-on_prem" class="topnav_elem mob_only">On-Prem</a> <h2 class="desk_only section_nav-on_prem"> <a href="#subnav-box-nav-on_prem" data-toggle-for="subnav-box-nav-on_prem" class="topnav_elem desk_only">On-Prem</a> </h2> </div> </div><div id="subnav-box-nav-on_prem" class="subnav_box"><a href="https://www.theregister.com/on_prem/" class="subnav_elem" id="nav-on_prem-all"><span class="prefix_all">All </span>On-Prem</a><a href="https://www.theregister.com/on_prem/systems/" class="subnav_elem" id="nav-on_prem-systems">Systems</a><a href="https://www.theregister.com/on_prem/storage/" class="subnav_elem" id="nav-on_prem-storage">Storage</a><a href="https://www.theregister.com/on_prem/networks/" class="subnav_elem" id="nav-on_prem-networks">Networks</a><a href="https://www.theregister.com/on_prem/hpc/" class="subnav_elem" id="nav-on_prem-hpc">HPC</a><a href="https://www.theregister.com/on_prem/personal_tech/" class="subnav_elem" id="nav-on_prem-personal_tech">Personal Tech</a><a href="https://www.theregister.com/on_prem/cxo/" class="subnav_elem" id="nav-on_prem-cxo">CxO</a><a href="https://www.theregister.com/on_prem/public_sector/" class="subnav_elem" id="nav-on_prem-public_sector">Public Sector</a> <noscript><a href="#masthead" class="subnav_elem close_box" aria-label="Top navigation">(X)</a></noscript> </div> </div><div class="nav_elem"> <div class="cat_header"> <div id="nav-software"> <a href="#subnav-box-nav-software" data-toggle-for="subnav-box-nav-software" class="topnav_elem mob_only">Software</a> <h2 class="desk_only section_nav-software"> <a href="#subnav-box-nav-software" data-toggle-for="subnav-box-nav-software" class="topnav_elem desk_only">Software</a> </h2> </div> </div><div id="subnav-box-nav-software" class="subnav_box"><a href="https://www.theregister.com/software/" class="subnav_elem" id="nav-software-all"><span class="prefix_all">All </span>Software</a><a href="https://www.theregister.com/software/ai_ml/" class="subnav_elem" id="nav-software-ai_ml">AI + ML</a><a href="https://www.theregister.com/software/applications/" class="subnav_elem" id="nav-software-applications">Applications</a><a href="https://www.theregister.com/software/databases/" class="subnav_elem" id="nav-software-databases">Databases</a><a href="https://www.theregister.com/software/devops/" class="subnav_elem" id="nav-software-devops">DevOps</a><a href="https://www.theregister.com/software/oses/" class="subnav_elem" id="nav-software-oses">OSes</a><a href="https://www.theregister.com/software/virtualization/" class="subnav_elem" id="nav-software-virtualization">Virtualization</a> <noscript><a href="#masthead" class="subnav_elem close_box" aria-label="Top navigation">(X)</a></noscript> </div> </div><div class="nav_elem"> <div class="cat_header"> <div id="nav-offbeat"> <a href="#subnav-box-nav-offbeat" data-toggle-for="subnav-box-nav-offbeat" class="topnav_elem mob_only">Offbeat</a> <h2 class="desk_only section_nav-offbeat"> <a href="#subnav-box-nav-offbeat" data-toggle-for="subnav-box-nav-offbeat" class="topnav_elem desk_only">Offbeat</a> </h2> </div> </div><div id="subnav-box-nav-offbeat" class="subnav_box"><a href="https://www.theregister.com/offbeat/" class="subnav_elem" id="nav-offbeat-all"><span class="prefix_all">All </span>Offbeat</a><a href="https://www.theregister.com/Debates/" class="subnav_elem" id="nav-offbeat-debates">Debates</a><a href="https://www.theregister.com/offbeat/columnists/" class="subnav_elem" id="nav-offbeat-columnists">Columnists</a><a href="https://www.theregister.com/offbeat/science/" class="subnav_elem" id="nav-offbeat-science">Science</a><a href="https://www.theregister.com/offbeat/geeks_guide/" class="subnav_elem" id="nav-offbeat-geeks_guide">Geek's Guide</a><a href="https://www.theregister.com/offbeat/bofh/" class="subnav_elem" id="nav-offbeat-bofh">BOFH</a><a href="https://www.theregister.com/offbeat/legal/" class="subnav_elem" id="nav-offbeat-legal">Legal</a><a href="https://www.theregister.com/offbeat/bootnotes/" class="subnav_elem" id="nav-offbeat-bootnotes">Bootnotes</a><a href="https://www.theregister.com/offbeat/site_news/" class="subnav_elem" id="nav-offbeat-site_news">Site News</a><a href="https://www.theregister.com/offbeat/about_us/" class="subnav_elem" id="nav-offbeat-about_us">About Us</a> <noscript><a href="#masthead" class="subnav_elem close_box" aria-label="Top navigation">(X)</a></noscript> </div> </div> </nav> </div> </div> </div> <div class="nav_bottom_group"> <div class="nav_bottom_section nav_special_features"> <div class="nav_head_bk"> <a href="#subnav-box-nav-special_features" data-toggle-for="subnav-box-nav-special_features" id="nav-special_features" class="topnav_elem mob_only">Special Features</a> <h2 class="main_head"> <span class="topnav_elem desk_only">Special Features</span> </h2> </div> <nav> <div class="nav_elem"> <div id="subnav-box-nav-special_features" class="subnav_box"> <a href="https://www.theregister.com/special_features">All Special Features</a> <a href="https://www.theregister.com/special_features/cybersecurity_month">Cybersecurity Month</a> <a href="https://www.theregister.com/special_features/vmware_explore">VMware Explore</a> <a href="https://www.theregister.com/special_features/blackhat_and_defcon">Blackhat and DEF CON</a> <a href="https://www.theregister.com/special_features/cloud_infrastructure_month">Cloud Infrastructure Month</a> <a href="https://www.theregister.com/special_features/malware_month">Malware Month</a> <a href="https://www.theregister.com/special_features/the_reg_in_space">The Reg in Space</a> <a href="https://www.theregister.com/special_features/spotlight_on_rsa">Spotlight on RSA</a> </div> </div> </nav> </div> <div class="nav_bottom_section nav_elem nav_vendor_voice"> <div class="nav_head_bk"> <h2 class="main_head"> <span class="topnav_elem desk_only">Vendor Voice</span> </h2> </div> <nav> <div class="nav_elem"> <div class="cat_header"> <div id="nav-tag-vendor-voice"> <a href="#subnav-box-nav-tag-vendor-voice" data-toggle-for="subnav-box-nav-tag-vendor-voice" class="topnav_elem mob_only">Vendor Voice</a> <h2 class="desk_only section_nav-tag-vendor-voice"> <a href="#subnav-box-nav-tag-vendor-voice" data-toggle-for="subnav-box-nav-tag-vendor-voice" class="topnav_elem desk_only">Vendor Voice</a> </h2> </div> </div> <div id="subnav-box-nav-tag-vendor-voice" class="subnav_box"> <a href="https://www.theregister.com/VendorVoice/" class="subnav_elem" id="nav-tag-vendor-voice-all"> <span class="prefix_all">All </span>Vendor Voice </a> <a href="https://www.theregister.com/VendorVoice/aws_here/" class="subnav_elem" id="nav-tag-vendor-voice-vv_aws_here"> HERE and AWS </a> <a href="https://www.theregister.com/VendorVoice/aws_vonage/" class="subnav_elem" id="nav-tag-vendor-voice-vv_aws_vonage"> Vonage </a> <a href="https://www.theregister.com/VendorVoice/aws_amdocs/" class="subnav_elem" id="nav-tag-vendor-voice-vv_aws_amdocs"> Amdocs </a> <a href="https://www.theregister.com/VendorVoice/aws_ge_vernova_manufacturing/" class="subnav_elem" id="nav-tag-vendor-voice-vv_aws_ge_vernova_manufacturing"> GE Vernova with AWS </a> <a href="https://www.theregister.com/VendorVoice/aws_ge_vernova/" class="subnav_elem" id="nav-tag-vendor-voice-vv_aws_ge_vernova"> GE Vernova with AWS </a> <a href="https://www.theregister.com/VendorVoice/siemens_aws/" class="subnav_elem" id="nav-tag-vendor-voice-vv_siemens_aws"> Siemens and AWS Gen AI </a> <a href="https://www.theregister.com/VendorVoice/siemens_aws_itot/" class="subnav_elem" id="nav-tag-vendor-voice-vv_siemens_aws_itot"> Siemens and AWS IT/OT </a> <a href="https://www.theregister.com/VendorVoice/aws_new_horizon_solutions/" class="subnav_elem" id="nav-tag-vendor-voice-vv_aws_new_horizon_solutions"> Amazon Web Services (AWS) New Horizon in Cloud Computing </a> <a href="https://www.theregister.com/VendorVoice/ddn/" class="subnav_elem" id="nav-tag-vendor-voice-vv_ddn"> DDN </a> <a href="https://www.theregister.com/VendorVoice/google_cloud_data_transformation/" class="subnav_elem" id="nav-tag-vendor-voice-vv_google_cloud_data_transformation"> Google Cloud Data Transformation </a> <a href="https://www.theregister.com/VendorVoice/google_gemini/" class="subnav_elem" id="nav-tag-vendor-voice-vv_google_gemini"> Google Gemini </a> <a href="https://www.theregister.com/VendorVoice/hpe_greenlake/" class="subnav_elem" id="nav-tag-vendor-voice-vv_hpe_greenlake"> Hewlett Packard Enterprise: Edge-to-Cloud Platform </a> <a href="https://www.theregister.com/VendorVoice/intelvpro/" class="subnav_elem" id="nav-tag-vendor-voice-vv_intelvpro"> Intel vPro </a> <a href="https://www.theregister.com/VendorVoice/vmware/" class="subnav_elem" id="nav-tag-vendor-voice-vv_vmware"> VMware </a> <noscript> <a href="#masthead" class="subnav_elem close_box" aria-label="Top navigation">(X)</a> </noscript> </div> </div> </nav> </div> <div class="nav_bottom_section nav_resources"> <div class="nav_head_bk"> <a href="#subnav-box-nav-resources" data-toggle-for="subnav-box-nav-resources" id="nav-resources" class="topnav_elem mob_only">Resources</a> <h2 class="main_head"> <span class="topnav_elem desk_only">Resources</span> </h2> </div> <nav id="top_nav"> <div class="nav_elem"> <div id="subnav-box-nav-resources" class="subnav_box"> <a href="https://whitepapers.theregister.com/">Whitepapers</a> <a href="https://whitepapers.theregister.com/events/list/">Webinars & Events</a> <a href="https://account.theregister.com/edit/newsletter/">Newsletters</a> </div> </div> </nav> </div> </div> </div> </div> </div> </div> </div> <div aria-hidden="true" class="adun" data-pos="top" data-raptor="condor" data-xmd=",fluid,leaderboard," data-lg=",fluid,leaderboard," data-xlg=",fluid,superleaderboard,billboard,leaderboard," data-xxlg=",fluid,superleaderboard,billboard,brandwidth,leaderboard,"> <noscript> <a href="https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_onprem/publicsector&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2Z0gMPTfmiQq7f-id6OCuqQAAAQ4&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0" target="_blank"> <img src="https://pubads.g.doubleclick.net/gampad/ad?co=1&iu=/6978/reg_onprem/publicsector&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2Z0gMPTfmiQq7f-id6OCuqQAAAQ4&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0" alt=""> </a> </noscript> </div> <article> <div id=top-col-story> <div class="header_left"> <div class="cat_header"> <h4 class="dcl"> <a href="/on_prem/public_sector/" aria-label="Public Sector">Public Sector</a> </h4> </div> <div class="comments_wrap mobile_only"> <a class="comment_count" aria-label="Read comments on this article, currently there are 4 comments" title="View comments on this article" href="https://forums.theregister.com/forum/all/2024/11/13/china_volt_typhoon_back/"> <strong aria-hidden="true">4</strong> <img aria-hidden="true" width="18" height="16" alt="comment bubble on white" src="/design_picker/f5daacc84b9722c1e31ba85f836c37e4ad993fc4/graphics/icons/bubble_comment_white.png" srcset="/design_picker/f5daacc84b9722c1e31ba85f836c37e4ad993fc4/graphics/icons/bubble_comment_white.svg"> </a> </div> </div> <div class="header_right"> <h1>China's Volt Typhoon crew and its botnet surge back with a vengeance</h1> </div> <div class="header_left"> <div class="comments_wrap desktop_only"> <a class="comment_count" aria-label="Read comments on this article, currently there are 4 comments" title="View comments on this article" href="https://forums.theregister.com/forum/all/2024/11/13/china_volt_typhoon_back/"> <strong aria-hidden="true">4</strong> <img aria-hidden="true" width="18" height="16" alt="comment bubble on white" src="/design_picker/f5daacc84b9722c1e31ba85f836c37e4ad993fc4/graphics/icons/bubble_comment_white.png" srcset="/design_picker/f5daacc84b9722c1e31ba85f836c37e4ad993fc4/graphics/icons/bubble_comment_white.svg"> </a> </div> </div> <div class="header_right"> <h2>Ohm, for flux sake</h2> <div class="byline_and_dateline_and_share_and_comments"> <div class="byline_wrap"> <img class="vulture_icon" src="/design_picker/d518b499f8a6e2c65d4d8c49aca8299d54b03012/graphics/icon/vulture_red.svg" alt="icon"> <a class="byline" href="/Author/Jessica-Lyons" title="Read more by this author"> Jessica Lyons </a> </div> <div class="dateline_wrap"> <span class="dateline"> Wed 13 Nov 2024 <span class="slashes"> // </span> 00:58 UTC </span> </div> </div> </div> </div> <div id=main-col> <div id="article-wrapper" class="article_wrap"> <div class="left_col"> <div class="floating_bar"> <div class="sharing_widget_story_desktop uses_overlay"> <button class="top_blob" aria-label="Share this story" title="Share this story"> <img width="25" height="25" src="/design_picker/d2e337b97204af4aa34dda04c4e5d56d954b216f/graphics/icons/social_share_icon.svg" alt=""> </button> <div class="sharing_widget_overlay" id="sharing_widget_overlay_2"> <div class="sharing_box"> <a data-social="reddit" href="https://www.reddit.com/submit?url=https://www.theregister.com/2024/11/13/china_volt_typhoon_back/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dreddit&title=China%27s%20Volt%20Typhoon%20crew%20and%20its%20botnet%20surge%20back%20with%20a%20vengeance" target="_blank"> </a> <a data-social="twitter" class="twit" href="https://twitter.com/intent/tweet?text=China%27s%20Volt%20Typhoon%20crew%20and%20its%20botnet%20surge%20back%20with%20a%20vengeance&url=https://www.theregister.com/2024/11/13/china_volt_typhoon_back/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dtwitter&via=theregister" target="_blank"> </a> <a data-social="facebook" class="faceb_dialog" href="https://www.facebook.com/dialog/feed?app_id=1404095453459035&display=popup&link=https://www.theregister.com/2024/11/13/china_volt_typhoon_back/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dfacebook" target="_blank"> </a> <br class="hide_after_sm"> <a data-social="linkedin" class="linkedin_social" href="https://www.linkedin.com/shareArticle?mini=true&url=https://www.theregister.com/2024/11/13/china_volt_typhoon_back/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dlinkedin&title=China%27s%20Volt%20Typhoon%20crew%20and%20its%20botnet%20surge%20back%20with%20a%20vengeance&summary=Ohm%2c%20for%20flux%20sake" target="_blank"> </a> <a data-social="whatsapp" href="https://api.whatsapp.com/send?text=https://www.theregister.com/2024/11/13/china_volt_typhoon_back/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dwhatsapp" target="_blank"> </a> </div> </div> </div> </div> <div class="promo_advert"> </div> </div> <div class="centre_col"> <div id="article"> <div id="body"> <p>China's Volt Typhoon crew and its botnet are back, compromising old Cisco routers once again to break into critical infrastructure networks and kick off cyberattacks, according to security researchers.</p> <p>The alert comes nearly ten months after the Feds claimed a victory against the Chinese government-linked miscreants, when the FBI infiltrated the operation and then <a target="_blank" href="https://www.theregister.com/2024/01/30/fbi_china_volt/">remotely wiped</a> the botnet.</p> <p>At the time, the US Justice Department warned that Volt Typhoon had <a target="_blank" href="https://www.theregister.com/2024/01/31/volt_typhoon_botnet/">infected</a> "hundreds" of outdated Cisco and Netgear boxes with malware so that the devices could be used to break into US energy, water, and other vital facilities. Plus, the crew had been targeting American critical organizations as <a target="_blank" href="https://www.theregister.com/2023/10/02/aws_security_madpot/">far back</a> as 2021.</p> <div aria-hidden="true" class="adun" data-pos="top" data-raptor="condor" data-xsm=",fluid,mpu," data-sm=",fluid,mpu," data-md=",fluid,mpu,"> <noscript> <a href="https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_onprem/publicsector&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2Z0gMPTfmiQq7f-id6OCuqQAAAQ4&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0" target="_blank"> <img src="https://pubads.g.doubleclick.net/gampad/ad?co=1&iu=/6978/reg_onprem/publicsector&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2Z0gMPTfmiQq7f-id6OCuqQAAAQ4&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0" alt=""> </a> </noscript> </div> <p>Just last week, news reports emerged that the same cyber espionage crew had <a target="_blank" href="https://www.theregister.com/2024/11/06/chinas_volt_typhoon_breached_singtel/">breached</a> Singapore Telecommunications over the summer as a "test run by China for further hacks against US telecommunications companies."</p> <div aria-hidden="true" class="adun" data-pos="top" data-raptor="falcon" data-xmd=",fluid,mpu,leaderboard," data-lg=",fluid,mpu,leaderboard," data-xlg=",fluid,billboard,superleaderboard,mpu,leaderboard," data-xxlg=",fluid,billboard,superleaderboard,brandwidth,brandimpact,leaderboard,mpu,"> <noscript> <a href="https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_onprem/publicsector&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44Z0gMPTfmiQq7f-id6OCuqQAAAQ4&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0" target="_blank"> <img src="https://pubads.g.doubleclick.net/gampad/ad?co=1&iu=/6978/reg_onprem/publicsector&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44Z0gMPTfmiQq7f-id6OCuqQAAAQ4&t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0" alt=""> </a> </noscript> </div> <div class="adun_eagle_desktop_story_wrapper"> <div aria-hidden="true" class="adun" data-pos="mid" data-raptor="eagle" data-xxlg=",mpu,dmpu,"> <noscript> <a href="https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_onprem/publicsector&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33Z0gMPTfmiQq7f-id6OCuqQAAAQ4&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0" target="_blank"> <img src="https://pubads.g.doubleclick.net/gampad/ad?co=1&iu=/6978/reg_onprem/publicsector&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33Z0gMPTfmiQq7f-id6OCuqQAAAQ4&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0" alt=""> </a> </noscript> </div> </div> <p>"Once thought dismantled, Volt Typhoon has returned, more sophisticated and determined than ever," declared Ryan Sherstobitoff, SVP of threat research and intelligence at SecurityScorecard. </p> <p>In a Tuesday <a target="_blank" rel="nofollow" href="https://securityscorecard.com/blog/botnet-is-back-ssc-strike-team-uncovers-a-renewed-cyber-threat/">report</a>, Sherstobitoff revealed that the security shop's Threat Research, Intelligence, Knowledge, and Engagement (STRIKE) Team had spotted Volt Typhoon exploiting outdated Cisco RV320/325 routers and Netgear ProSafe routers. </p> <div aria-hidden="true" class="adun" data-pos="top" data-raptor="falcon" data-xsm=",fluid,mpu," data-sm=",fluid,mpu," data-md=",fluid,mpu,"> <noscript> <a href="https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_onprem/publicsector&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44Z0gMPTfmiQq7f-id6OCuqQAAAQ4&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0" target="_blank"> <img src="https://pubads.g.doubleclick.net/gampad/ad?co=1&iu=/6978/reg_onprem/publicsector&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44Z0gMPTfmiQq7f-id6OCuqQAAAQ4&t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0" alt=""> </a> </noscript> </div> <p>"These end-of-life devices become perfect entry points, and in just 37 days, Volt Typhoon compromised 30 percent of visible Cisco RV320/325 routers," Sherstobitoff wrote.</p> <p>When asked about specific vulnerabilities being abused, Sherstobitoff told <em>The Register</em>: "There are no clear CVEs that Volt is exploiting in current Cisco devices."</p> <p>But, he added, because the routers are end-of-life, the vendor no longer issues security updates. "This leads to increased exploitation of existing ones," Sherstobitoff warned.</p> <div aria-hidden="true" class="adun" id="story_eagle_xsm_sm_md_xmd_lg_xlg" data-pos="mid" data-raptor="eagle" data-xsm=",mpu,dmpu," data-sm=",mpu,dmpu," data-md=",mpu,dmpu," data-xmd=",mpu,dmpu," data-lg=",mpu,dmpu," data-xlg=",mpu,dmpu,"> <noscript> <a href="https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_onprem/publicsector&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33Z0gMPTfmiQq7f-id6OCuqQAAAQ4&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0" target="_blank"> <img src="https://pubads.g.doubleclick.net/gampad/ad?co=1&iu=/6978/reg_onprem/publicsector&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33Z0gMPTfmiQq7f-id6OCuqQAAAQ4&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0" alt=""> </a> </noscript> </div> <p>Since the disruption and subsequent rebuilding of the botnet, the threat hunters have seen "a few dozen" compromised devices, he told us. However, he noted, "we have observed changes in command and control servers being deployed into other network providers."</p> <p>The FBI declined to comment on Volt Typhoon's reported resurgence, and the US government's Cybersecurity and Infrastructure Agency did not immediately response to<i>The Register</i>'s inquiries.</p> <h3 class="crosshead">Volt Typhoon's attack timeline</h3> <p>The Chinese crew's botnet first came to light in 2023, after Microsoft and intelligence agencies from the Five Eyes nations <a target="_blank" href="https://www.theregister.com/2023/05/25/china_volt_typhoon_attacks/">disclosed</a> that Volt Typhoon had accessed networks belonging to US critical infrastructure organizations.</p> <p>The spy gang, we're told, had built a botnet from Cisco and Netgear routers identified by a self-signed SSL certificate named JDYFJ. This botnet, according to SecurityScorecard, used command-and-control (C2) infrastructure in the Netherlands, Latvia, and Germany to disguise its malicious traffic.</p> <p>By October 2023, Volt Typhoon had taken up occupancy, rent-free, on a compromised VPN device in New Caledonia. This created "a covert bridge between Asia-Pacific and the Americas" that kept "their network alive, hidden from standard detection," Sherstobitoff wrote. </p> <ul class="listinks"> <li><a href="https://www.theregister.com/2024/11/06/chinas_volt_typhoon_breached_singtel/">China's Volt Typhoon reportedly breached Singtel in 'test-run' for US telecom attacks</a></li> <li><a href="https://www.theregister.com/2024/01/31/volt_typhoon_botnet/">FBI confirms it issued remote kill command to blow out Volt Typhoon's botnet</a></li> <li><a href="https://www.theregister.com/2024/01/30/fbi_china_volt/">US shorts China's Volt Typhoon crew targeting America's criticals</a></li> <li><a href="https://www.theregister.com/2024/02/01/china_attack_warning/">Congress told how Chinese goons plan to incite 'societal chaos' in the US</a></li> </ul> <p>In January 2024, the FBI-led effort disrupted some of Volt Typhoon's infrastructure. However, in the Tuesday report, Sherstobitoff explains the Chinese spies rapidly set up new C2 servers on Digital Ocean, Quadranet, and Vultr and also registered fresh SSL certificates to avoid the prying eyes of law enforcement.</p> <p>As of September, "the botnet persists," he wrote. It uses the JDYFJ cluster to route traffic globally. "Connections from New Caledonia and router nodes remain active for over a month, reinforcing Volt Typhoon's infrastructure."</p> <h3 class="crosshead">Chinese government-linked attacks on the rise</h3> <p>This report comes as government officials and private security firms alike have noted an uptick in Chinese cyber spy activity on US and global networks.</p> <p>Last week, Bloomberg said Volt Typhoon had broken into Singtel's networks before being spotted in June, and had used a web shell in that security breach.</p> <p>In August, Lumen Technologies' Black Lotus Labs <a target="_blank" href="https://www.theregister.com/2024/08/27/chinas_volt_typhoon_versa/">warned</a> that Volt Typhoon had abused a Versa SD-WAN vulnerability CVE-2024-39717 to plant custom, credential-harvesting web shells on customers' networks.</p> <p>Then, in September, another Chinese-government-backed group dubbed Salt Typhoon was <a target="_blank" href="https://www.theregister.com/2024/09/25/chinas_salt_typhoon_cyber_spies/">accused</a> of breaking into US telecom providers' infrastructure. These intrusions came to light in October, with the spies reportedly <a target="_blank" href="https://www.theregister.com/2024/10/07/verizon_att_lumen_salt_typhoon/">breaching</a> Verizon, AT&T, and Lumen Technologies.</p> <p>Also in September, the FBI revealed that international cops disrupted a 260,000-device botnet controlled by a different Beijing-linked goon squad: <a target="_blank" href="https://www.theregister.com/2024/09/18/fbi_flax_typhoon_ransomware/">Flax Typhoon</a>.</p> <p>This group had been building the Mirai-based botnet since 2021 and targeted US critical infrastructure, government, and academics. ®</p> <div class="wptl btm"> <noscript><strong>Get our</strong> <a href="https://whitepapers.theregister.com/" style="text-transform:uppercase">Tech Resources</a></noscript> </div> </div> <div class="article_body_btm mobile_only"> <div class="sharing_widget_story_desktop uses_overlay"> <button class="top_blob" aria-label="Share this story" title="Share this story"> <img width="25" height="25" src="/design_picker/d2e337b97204af4aa34dda04c4e5d56d954b216f/graphics/icons/social_share_icon.svg" alt=""> <span>Share</span> </button> <div class="sharing_widget_overlay" id="sharing_widget_overlay_3"> <div class="sharing_box"> <a data-social="reddit" href="https://www.reddit.com/submit?url=https://www.theregister.com/2024/11/13/china_volt_typhoon_back/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dreddit&title=China%27s%20Volt%20Typhoon%20crew%20and%20its%20botnet%20surge%20back%20with%20a%20vengeance" target="_blank"> </a> <a data-social="twitter" class="twit" href="https://twitter.com/intent/tweet?text=China%27s%20Volt%20Typhoon%20crew%20and%20its%20botnet%20surge%20back%20with%20a%20vengeance&url=https://www.theregister.com/2024/11/13/china_volt_typhoon_back/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dtwitter&via=theregister" target="_blank"> </a> <a data-social="facebook" class="faceb_dialog" href="https://www.facebook.com/dialog/feed?app_id=1404095453459035&display=popup&link=https://www.theregister.com/2024/11/13/china_volt_typhoon_back/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dfacebook" target="_blank"> </a> <br class="hide_after_sm"> <a data-social="linkedin" class="linkedin_social" href="https://www.linkedin.com/shareArticle?mini=true&url=https://www.theregister.com/2024/11/13/china_volt_typhoon_back/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dlinkedin&title=China%27s%20Volt%20Typhoon%20crew%20and%20its%20botnet%20surge%20back%20with%20a%20vengeance&summary=Ohm%2c%20for%20flux%20sake" target="_blank"> </a> <a data-social="whatsapp" href="https://api.whatsapp.com/send?text=https://www.theregister.com/2024/11/13/china_volt_typhoon_back/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dwhatsapp" target="_blank"> </a> </div> </div> </div> </div> </div> </div> <div class="right_col desktop_only"> <div class="similar_topics"> <div class="similar_topics"> <h4>More about</h4> <ul class="keywords"> <li> <a href="/Tag/China/" > <span class="keyword_name"> China </span> </a> </li> <li> <a href="/Tag/Cybercrime/" > <span class="keyword_name"> Cybercrime </span> </a> </li> <li> <a href="/Tag/Security/" > <span class="keyword_name"> Security </span> </a> </li> </ul> </div> <div class="keyword_wrap" style="display: none;"> <div class="keyword_trigger">More like these</div> </div> <div class="lightbox_overlay"> <div class="keyword_popup more_topics"> <div class="close">×</div> <div class="keyword_group similar_topics"> <h3>More about</h3> <ul class="keywords"> <li> <a href="/Tag/China/" > <span class="keyword_name"> China </span> </a> </li> <li> <a href="/Tag/Cybercrime/" > <span class="keyword_name"> Cybercrime </span> </a> </li> <li> <a href="/Tag/Security/" > <span class="keyword_name"> Security </span> </a> </li> </ul> </div> <div class="keyword_group child_topics"> <h3>Narrower topics</h3> <ul class="keywords"> <li> <a href="/Tag/2FA/" > <span class="keyword_name"> 2FA </span> </a> </li> <li> <a href="/Tag/Advanced%20persistent%20threat/" > <span class="keyword_name"> Advanced persistent threat </span> </a> </li> <li> <a href="/Tag/Application%20Delivery%20Controller/" > <span class="keyword_name"> Application Delivery Controller </span> </a> </li> <li> <a href="/Tag/Authentication/" > <span class="keyword_name"> Authentication </span> </a> </li> <li> <a href="/Tag/BEC/" > <span class="keyword_name"> BEC </span> </a> </li> <li> <a href="/Tag/Black%20Hat/" > <span class="keyword_name"> Black Hat </span> </a> </li> <li> <a href="/Tag/BSides/" > <span class="keyword_name"> BSides </span> </a> </li> <li> <a href="/Tag/Bug%20Bounty/" > <span class="keyword_name"> Bug Bounty </span> </a> </li> <li> <a href="/Tag/CHERI/" > <span class="keyword_name"> CHERI </span> </a> </li> <li> <a href="/Tag/China%20Mobile/" > <span class="keyword_name"> China Mobile </span> </a> </li> <li> <a href="/Tag/China%20telecom/" > <span class="keyword_name"> China telecom </span> </a> </li> <li> <a href="/Tag/China%20Unicom/" > <span class="keyword_name"> China Unicom </span> </a> </li> <li> <a href="/Tag/CISO/" > <span class="keyword_name"> CISO </span> </a> </li> <li> <a href="/Tag/Common%20Vulnerability%20Scoring%20System/" > <span class="keyword_name"> Common Vulnerability Scoring System </span> </a> </li> <li> <a href="/Tag/Cybersecurity/" > <span class="keyword_name"> Cybersecurity </span> </a> </li> <li> <a href="/Tag/Cybersecurity%20and%20Infrastructure%20Security%20Agency/" > <span class="keyword_name"> Cybersecurity and Infrastructure Security Agency </span> </a> </li> <li> <a href="/Tag/Cybersecurity%20Information%20Sharing%20Act/" > <span class="keyword_name"> Cybersecurity Information Sharing Act </span> </a> </li> <li> <a href="/Tag/Cyberspace%20Administration%20of%20China/" > <span class="keyword_name"> Cyberspace Administration of China </span> </a> </li> <li> <a href="/Tag/Data%20Breach/" > <span class="keyword_name"> Data Breach </span> </a> </li> <li> <a href="/Tag/Data%20Protection/" > <span class="keyword_name"> Data Protection </span> </a> </li> <li> <a href="/Tag/Data%20Theft/" > <span class="keyword_name"> Data Theft </span> </a> </li> <li> <a href="/Tag/DDoS/" > <span class="keyword_name"> DDoS </span> </a> </li> <li> <a href="/Tag/DEF%20CON/" > <span class="keyword_name"> DEF CON </span> </a> </li> <li> <a href="/Tag/Digital%20certificate/" > <span class="keyword_name"> Digital certificate </span> </a> </li> <li> <a href="/Tag/Encryption/" > <span class="keyword_name"> Encryption </span> </a> </li> <li> <a href="/Tag/Exploit/" > <span class="keyword_name"> Exploit </span> </a> </li> <li> <a href="/Tag/Firewall/" > <span class="keyword_name"> Firewall </span> </a> </li> <li> <a href="/Tag/Great%20Firewall/" > <span class="keyword_name"> Great Firewall </span> </a> </li> <li> <a href="/Tag/Hacker/" > <span class="keyword_name"> Hacker </span> </a> </li> <li> <a href="/Tag/Hacking/" > <span class="keyword_name"> Hacking </span> </a> </li> <li> <a href="/Tag/Hacktivism/" > <span class="keyword_name"> Hacktivism </span> </a> </li> <li> <a href="/Tag/Hong%20Kong/" > <span class="keyword_name"> Hong Kong </span> </a> </li> <li> <a href="/Tag/Identity%20Theft/" > <span class="keyword_name"> Identity Theft </span> </a> </li> <li> <a href="/Tag/Incident%20response/" > <span class="keyword_name"> Incident response </span> </a> </li> <li> <a href="/Tag/Infosec/" > <span class="keyword_name"> Infosec </span> </a> </li> <li> <a href="/Tag/Infrastructure%20Security/" > <span class="keyword_name"> Infrastructure Security </span> </a> </li> <li> <a href="/Tag/JD.com/" > <span class="keyword_name"> JD.com </span> </a> </li> <li> <a href="/Tag/Kenna%20Security/" > <span class="keyword_name"> Kenna Security </span> </a> </li> <li> <a href="/Tag/NCSAM/" > <span class="keyword_name"> NCSAM </span> </a> </li> <li> <a href="/Tag/NCSC/" > <span class="keyword_name"> NCSC </span> </a> </li> <li> <a href="/Tag/Palo%20Alto%20Networks/" > <span class="keyword_name"> Palo Alto Networks </span> </a> </li> <li> <a href="/Tag/Password/" > <span class="keyword_name"> Password </span> </a> </li> <li> <a href="/Tag/Phishing/" > <span class="keyword_name"> Phishing </span> </a> </li> <li> <a href="/Tag/Quantum%20key%20distribution/" > <span class="keyword_name"> Quantum key distribution </span> </a> </li> <li> <a href="/Tag/Ransomware/" > <span class="keyword_name"> Ransomware </span> </a> </li> <li> <a href="/Tag/Remote%20Access%20Trojan/" > <span class="keyword_name"> Remote Access Trojan </span> </a> </li> <li> <a href="/Tag/REvil/" > <span class="keyword_name"> REvil </span> </a> </li> <li> <a href="/Tag/RSA%20Conference/" > <span class="keyword_name"> RSA Conference </span> </a> </li> <li> <a href="/Tag/Semiconductor%20Manufacturing%20International%20Corporation/" > <span class="keyword_name"> Semiconductor Manufacturing International Corporation </span> </a> </li> <li> <a href="/Tag/Shenzhen/" > <span class="keyword_name"> Shenzhen </span> </a> </li> <li> <a href="/Tag/Spamming/" > <span class="keyword_name"> Spamming </span> </a> </li> <li> <a href="/Tag/Spyware/" > <span class="keyword_name"> Spyware </span> </a> </li> <li> <a href="/Tag/Surveillance/" > <span class="keyword_name"> Surveillance </span> </a> </li> <li> <a href="/Tag/TLS/" > <span class="keyword_name"> TLS </span> </a> </li> <li> <a href="/Tag/Trojan/" > <span class="keyword_name"> Trojan </span> </a> </li> <li> <a href="/Tag/Trusted%20Platform%20Module/" > <span class="keyword_name"> Trusted Platform Module </span> </a> </li> <li> <a href="/Tag/Uyghur%20Muslims/" > <span class="keyword_name"> Uyghur Muslims </span> </a> </li> <li> <a href="/Tag/Vulnerability/" > <span class="keyword_name"> Vulnerability </span> </a> </li> <li> <a href="/Tag/Wannacry/" > <span class="keyword_name"> Wannacry </span> </a> </li> <li> <a href="/Tag/Zero%20trust/" > <span class="keyword_name"> Zero trust </span> </a> </li> </ul> </div> <div class="keyword_group parent_topics"> <h3>Broader topics</h3> <ul class="keywords"> <li> <a href="/Tag/APAC/" > <span class="keyword_name"> APAC </span> </a> </li> </ul> </div> </div> </div> </div> </div> <div class="right_col mobile_only"> <div class="similar_topics"> <h4>More about</h4> </div> </div> <div class="left_col main_content"> <div class="sharing_block"> <div class=article_body_btm> <div class="sharing_widget_story_desktop uses_overlay"> <button class="top_blob" aria-label="Share this story" title="Share this story"> <img width="25" height="25" src="/design_picker/d2e337b97204af4aa34dda04c4e5d56d954b216f/graphics/icons/social_share_icon.svg" alt=""> <span>Share</span> </button> <div class="sharing_widget_overlay" id="sharing_widget_overlay_4"> <div class="sharing_box"> <a data-social="reddit" href="https://www.reddit.com/submit?url=https://www.theregister.com/2024/11/13/china_volt_typhoon_back/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dreddit&title=China%27s%20Volt%20Typhoon%20crew%20and%20its%20botnet%20surge%20back%20with%20a%20vengeance" target="_blank"> </a> <a data-social="twitter" class="twit" href="https://twitter.com/intent/tweet?text=China%27s%20Volt%20Typhoon%20crew%20and%20its%20botnet%20surge%20back%20with%20a%20vengeance&url=https://www.theregister.com/2024/11/13/china_volt_typhoon_back/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dtwitter&via=theregister" target="_blank"> </a> <a data-social="facebook" class="faceb_dialog" href="https://www.facebook.com/dialog/feed?app_id=1404095453459035&display=popup&link=https://www.theregister.com/2024/11/13/china_volt_typhoon_back/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dfacebook" target="_blank"> </a> <br class="hide_after_sm"> <a data-social="linkedin" class="linkedin_social" href="https://www.linkedin.com/shareArticle?mini=true&url=https://www.theregister.com/2024/11/13/china_volt_typhoon_back/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dlinkedin&title=China%27s%20Volt%20Typhoon%20crew%20and%20its%20botnet%20surge%20back%20with%20a%20vengeance&summary=Ohm%2c%20for%20flux%20sake" target="_blank"> </a> <a data-social="whatsapp" href="https://api.whatsapp.com/send?text=https://www.theregister.com/2024/11/13/china_volt_typhoon_back/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dwhatsapp" target="_blank"> </a> </div> </div> </div> </div> </div> </div> <div class="centre_col main_content"> <div class="comments "> <a class="comment_count" aria-label="Read comments on this article, currently there are 4 comments" title="View comments on this article" href="https://forums.theregister.com/forum/all/2024/11/13/china_volt_typhoon_back/"> <strong aria-hidden="true">4</strong> <img aria-hidden="true" width="18" height="16" alt="comment bubble on white" src="/design_picker/f5daacc84b9722c1e31ba85f836c37e4ad993fc4/graphics/icons/bubble_comment_white.png" srcset="/design_picker/f5daacc84b9722c1e31ba85f836c37e4ad993fc4/graphics/icons/bubble_comment_white.svg"> COMMENTS </a> </div> </div> <div class="hidden_col mobile_only"> <div class="similar_topics"> <h4>More about</h4> <ul class="keywords"> <li> <a href="/Tag/China/" > <span class="keyword_name"> China </span> </a> </li> <li> <a href="/Tag/Cybercrime/" > <span class="keyword_name"> Cybercrime </span> </a> </li> <li> <a href="/Tag/Security/" > <span class="keyword_name"> Security </span> </a> </li> </ul> </div> <div class="keyword_wrap" style="display: none;"> <div class="keyword_trigger">More like these</div> </div> <div class="lightbox_overlay"> <div class="keyword_popup more_topics"> <div class="close">×</div> <div class="keyword_group similar_topics"> <h3>More about</h3> <ul class="keywords"> <li> <a href="/Tag/China/" > <span class="keyword_name"> China </span> </a> </li> <li> <a href="/Tag/Cybercrime/" > <span class="keyword_name"> Cybercrime </span> </a> </li> <li> <a href="/Tag/Security/" > <span class="keyword_name"> Security </span> </a> </li> </ul> </div> <div class="keyword_group child_topics"> <h3>Narrower topics</h3> <ul class="keywords"> <li> <a href="/Tag/2FA/" > <span class="keyword_name"> 2FA </span> </a> </li> <li> <a href="/Tag/Advanced%20persistent%20threat/" > <span class="keyword_name"> Advanced persistent threat </span> </a> </li> <li> <a href="/Tag/Application%20Delivery%20Controller/" > <span class="keyword_name"> Application Delivery Controller </span> </a> </li> <li> <a href="/Tag/Authentication/" > <span class="keyword_name"> Authentication </span> </a> </li> <li> <a href="/Tag/BEC/" > <span class="keyword_name"> BEC </span> </a> </li> <li> <a href="/Tag/Black%20Hat/" > <span class="keyword_name"> Black Hat </span> </a> </li> <li> <a href="/Tag/BSides/" > <span class="keyword_name"> BSides </span> </a> </li> <li> <a href="/Tag/Bug%20Bounty/" > <span class="keyword_name"> Bug Bounty </span> </a> </li> <li> <a href="/Tag/CHERI/" > <span class="keyword_name"> CHERI </span> </a> </li> <li> <a href="/Tag/China%20Mobile/" > <span class="keyword_name"> China Mobile </span> </a> </li> <li> <a href="/Tag/China%20telecom/" > <span class="keyword_name"> China telecom </span> </a> </li> <li> <a href="/Tag/China%20Unicom/" > <span class="keyword_name"> China Unicom </span> </a> </li> <li> <a href="/Tag/CISO/" > <span class="keyword_name"> CISO </span> </a> </li> <li> <a href="/Tag/Common%20Vulnerability%20Scoring%20System/" > <span class="keyword_name"> Common Vulnerability Scoring System </span> </a> </li> <li> <a href="/Tag/Cybersecurity/" > <span class="keyword_name"> Cybersecurity </span> </a> </li> <li> <a href="/Tag/Cybersecurity%20and%20Infrastructure%20Security%20Agency/" > <span class="keyword_name"> Cybersecurity and Infrastructure Security Agency </span> </a> </li> <li> <a href="/Tag/Cybersecurity%20Information%20Sharing%20Act/" > <span class="keyword_name"> Cybersecurity Information Sharing Act </span> </a> </li> <li> <a href="/Tag/Cyberspace%20Administration%20of%20China/" > <span class="keyword_name"> Cyberspace Administration of China </span> </a> </li> <li> <a href="/Tag/Data%20Breach/" > <span class="keyword_name"> Data Breach </span> </a> </li> <li> <a href="/Tag/Data%20Protection/" > <span class="keyword_name"> Data Protection </span> </a> </li> <li> <a href="/Tag/Data%20Theft/" > <span class="keyword_name"> Data Theft </span> </a> </li> <li> <a href="/Tag/DDoS/" > <span class="keyword_name"> DDoS </span> </a> </li> <li> <a href="/Tag/DEF%20CON/" > <span class="keyword_name"> DEF CON </span> </a> </li> <li> <a href="/Tag/Digital%20certificate/" > <span class="keyword_name"> Digital certificate </span> </a> </li> <li> <a href="/Tag/Encryption/" > <span class="keyword_name"> Encryption </span> </a> </li> <li> <a href="/Tag/Exploit/" > <span class="keyword_name"> Exploit </span> </a> </li> <li> <a href="/Tag/Firewall/" > <span class="keyword_name"> Firewall </span> </a> </li> <li> <a href="/Tag/Great%20Firewall/" > <span class="keyword_name"> Great Firewall </span> </a> </li> <li> <a href="/Tag/Hacker/" > <span class="keyword_name"> Hacker </span> </a> </li> <li> <a href="/Tag/Hacking/" > <span class="keyword_name"> Hacking </span> </a> </li> <li> <a href="/Tag/Hacktivism/" > <span class="keyword_name"> Hacktivism </span> </a> </li> <li> <a href="/Tag/Hong%20Kong/" > <span class="keyword_name"> Hong Kong </span> </a> </li> <li> <a href="/Tag/Identity%20Theft/" > <span class="keyword_name"> Identity Theft </span> </a> </li> <li> <a href="/Tag/Incident%20response/" > <span class="keyword_name"> Incident response </span> </a> </li> <li> <a href="/Tag/Infosec/" > <span class="keyword_name"> Infosec </span> </a> </li> <li> <a href="/Tag/Infrastructure%20Security/" > <span class="keyword_name"> Infrastructure Security </span> </a> </li> <li> <a href="/Tag/JD.com/" > <span class="keyword_name"> JD.com </span> </a> </li> <li> <a href="/Tag/Kenna%20Security/" > <span class="keyword_name"> Kenna Security </span> </a> </li> <li> <a href="/Tag/NCSAM/" > <span class="keyword_name"> NCSAM </span> </a> </li> <li> <a href="/Tag/NCSC/" > <span class="keyword_name"> NCSC </span> </a> </li> <li> <a href="/Tag/Palo%20Alto%20Networks/" > <span class="keyword_name"> Palo Alto Networks </span> </a> </li> <li> <a href="/Tag/Password/" > <span class="keyword_name"> Password </span> </a> </li> <li> <a href="/Tag/Phishing/" > <span class="keyword_name"> Phishing </span> </a> </li> <li> <a href="/Tag/Quantum%20key%20distribution/" > <span class="keyword_name"> Quantum key distribution </span> </a> </li> <li> <a href="/Tag/Ransomware/" > <span class="keyword_name"> Ransomware </span> </a> </li> <li> <a href="/Tag/Remote%20Access%20Trojan/" > <span class="keyword_name"> Remote Access Trojan </span> </a> </li> <li> <a href="/Tag/REvil/" > <span class="keyword_name"> REvil </span> </a> </li> <li> <a href="/Tag/RSA%20Conference/" > <span class="keyword_name"> RSA Conference </span> </a> </li> <li> <a href="/Tag/Semiconductor%20Manufacturing%20International%20Corporation/" > <span class="keyword_name"> Semiconductor Manufacturing International Corporation </span> </a> </li> <li> <a href="/Tag/Shenzhen/" > <span class="keyword_name"> Shenzhen </span> </a> </li> <li> <a href="/Tag/Spamming/" > <span class="keyword_name"> Spamming </span> </a> </li> <li> <a href="/Tag/Spyware/" > <span class="keyword_name"> Spyware </span> </a> </li> <li> <a href="/Tag/Surveillance/" > <span class="keyword_name"> Surveillance </span> </a> </li> <li> <a href="/Tag/TLS/" > <span class="keyword_name"> TLS </span> </a> </li> <li> <a href="/Tag/Trojan/" > <span class="keyword_name"> Trojan </span> </a> </li> <li> <a href="/Tag/Trusted%20Platform%20Module/" > <span class="keyword_name"> Trusted Platform Module </span> </a> </li> <li> <a href="/Tag/Uyghur%20Muslims/" > <span class="keyword_name"> Uyghur Muslims </span> </a> </li> <li> <a href="/Tag/Vulnerability/" > <span class="keyword_name"> Vulnerability </span> </a> </li> <li> <a href="/Tag/Wannacry/" > <span class="keyword_name"> Wannacry </span> </a> </li> <li> <a href="/Tag/Zero%20trust/" > <span class="keyword_name"> Zero trust </span> </a> </li> </ul> </div> <div class="keyword_group parent_topics"> <h3>Broader topics</h3> <ul class="keywords"> <li> <a href="/Tag/APAC/" > <span class="keyword_name"> APAC </span> </a> </li> </ul> </div> </div> </div> </div> <div class="right_col main_content"> <div class="tip_off_widget"> <h4>TIP US OFF</h4> <p><a href="https://www.theregister.com/Profile/contact/" target="_blank">Send us news</a></p> </div> </div> </div> </div> </article> <hr id=story_section_break> <div id=story-bot-col> <h3 style="position:absolute;color:transparent;z-index:-1;">Other stories you might like</h3> <div id="aua" data-unit-type="aua" class="keepreading"> <div class=headlines> <div class="img_lite_srow img_lite_rt-1b"> <article> <a href="/2024/11/18/tmobile_us_attack_salt_typhoon/?td=keepreading" class=story_link> <div class="article_text_elements"> <h4>T-Mobile US 'monitoring' China's 'industry-wide attack' amid fresh security breach fears</h4> <div class=standfirst> <span class="label">updated</span> Un-carrier said to be among those hit by Salt Typhoon, including AT&T, Verizon</div> <div class=time_comments> <span class="section_name">Networks</span><span class="time_stamp" title="18 Nov 2024 20:43" data-epoch="1731962602">18 Nov 2024</span> | <span class="comment light_bg_comments">2</span></div> </div> </a> </article> <article> <a href="/2024/11/20/musk_chinese_cyberspies/?td=keepreading" class=story_link> <div class="article_text_elements"> <h4>Chinese cyberspies, Musk’s Beijing ties, labelled ‘real risk’ to US security by senator</h4> <div class=standfirst>Meet Liminal Panda, which prowls telecom networks in South Asia and Africa</div> <div class=time_comments> <span class="section_name">CSO</span><span class="time_stamp" title="20 Nov 2024 23:50" data-epoch="1732146614">20 Nov 2024</span> | <span class="comment light_bg_comments">32</span></div> </div> </a> </article> <article> <a href="/2024/11/27/tmobile_cyberattack_victory_lap/?td=keepreading" class=story_link> <div class="article_text_elements"> <h4>T-Mobile US takes a victory lap after stopping cyberattacks: 'Other providers may be seeing different outcomes'</h4> <div class=standfirst>Funny what putting more effort and resources into IT security can do</div> <div class=time_comments> <span class="section_name">CSO</span><span class="time_stamp" title="27 Nov 2024 20:59" data-epoch="1732741153">27 Nov 2024</span> | <span class="comment light_bg_comments">4</span></div> </div> </a> </article> <article> <a href="/2024/10/29/why_ai_builds_best_on/?td=keepreading" class=story_link> <div class="article_text_elements"> <h4>Why AI builds best on private clouds</h4> <div class=standfirst>AI projects under pressure to show real value in the tightest of timeframes might be worth keeping on-premises</div> <div class=time_comments><span class="section_name">Sponsored Feature</span></div> </div> </a> </article> </div> <div aria-hidden="true" class="adun" data-pos="btm" data-raptor="hawk" data-xsm=",fluid,mpu," data-sm=",fluid,mpu," data-md=",fluid,mpu," data-xmd=",fluid,leaderboard,mpu," data-lg=",fluid,mpu,leaderboard," data-xlg=",fluid,billboard,superleaderboard,mpu,leaderboard," data-xxlg=",fluid,billboard,superleaderboard,brandwidth,brandimpact,mpu,leaderboard,"> <noscript> <a href="https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_onprem/publicsector&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=6&c=66Z0gMPTfmiQq7f-id6OCuqQAAAQ4&t=ct%3Dns%26unitnum%3D6%26raptor%3Dhawk%26pos%3Dbtm%26test%3D0" target="_blank"> <img src="https://pubads.g.doubleclick.net/gampad/ad?co=1&iu=/6978/reg_onprem/publicsector&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=6&c=66Z0gMPTfmiQq7f-id6OCuqQAAAQ4&t=ct%3Dns%26unitnum%3D6%26raptor%3Dhawk%26pos%3Dbtm%26test%3D0" alt=""> </a> </noscript> </div> <div class="img_lite_srow img_lite_rt-1b"> <article> <a href="/2024/11/25/salt_typhoon_mark_warner_warning/?td=keepreading" class=story_link> <div class="article_text_elements"> <h4>China has utterly pwned 'thousands and thousands' of devices at US telcos</h4> <div class=standfirst>Senate Intelligence Committee chair says his 'hair is on fire' as execs front the White House</div> <div class=time_comments> <span class="section_name">Cyber-crime</span><span class="time_stamp" title="25 Nov 2024 13:15" data-epoch="1732540505">25 Nov 2024</span> | <span class="comment light_bg_comments">50</span></div> </div> </a> </article> <article> <a href="/2024/11/14/salt_typhoon_hacked_multiple_telecom/?td=keepreading" class=story_link> <div class="article_text_elements"> <h4>Reminder: China-backed crews compromised 'multiple' US telcos in 'significant cyber espionage campaign'</h4> <div class=standfirst> <span class="label">Updated</span> Feds don't name Salt Typhoon, but describe Beijing band's alleged deeds</div> <div class=time_comments> <span class="section_name">Research</span><span class="time_stamp" title="14 Nov 2024 1:54" data-epoch="1731549251">14 Nov 2024</span> | <span class="comment light_bg_comments">5</span></div> </div> </a> </article> <article> <a href="/2024/11/27/salt_typhoons_us_telcos/?td=keepreading" class=story_link> <div class="article_text_elements"> <h4>Salt Typhoon's surge extends far beyond US telcos</h4> <div class=standfirst>Plus, a brand-new backdoor, GhostSpider, is linked to the cyber spy crew's operations</div> <div class=time_comments> <span class="section_name">Security</span><span class="time_stamp" title="27 Nov 2024 23:44" data-epoch="1732751054">27 Nov 2024</span> | <span class="comment light_bg_comments">3</span></div> </div> </a> </article> <article> <a href="/2024/11/19/china_brazenbamboo_fortinet_0day/?td=keepreading" class=story_link> <div class="article_text_elements"> <h4>China-linked group abuses Fortinet 0-day with post-exploit VPN-credential stealer</h4> <div class=standfirst>No word on when or if the issue will be fixed</div> <div class=time_comments> <span class="section_name">Security</span><span class="time_stamp" title="19 Nov 2024 23:2" data-epoch="1732057333">19 Nov 2024</span> | <span class="comment light_bg_comments">2</span></div> </div> </a> </article> </div> <div class="img_lite_srow img_lite_rt-1b"> <article> <a href="/2024/11/20/equinox_patients_employees_data/?td=keepreading" class=story_link> <div class="article_text_elements"> <h4>Healthcare org Equinox notifies 21K patients and staff of data theft</h4> <div class=standfirst>Ransomware scum LockBit claims it did the dirty deed</div> <div class=time_comments> <span class="section_name">Cyber-crime</span><span class="time_stamp" title="20 Nov 2024 0:30" data-epoch="1732062607">20 Nov 2024</span> | <span class="comment light_bg_comments">1</span></div> </div> </a> </article> <article> <a href="/2024/11/22/palo_alto_firewalls_under_exploit/?td=keepreading" class=story_link> <div class="article_text_elements"> <h4>1,000s of Palo Alto Networks firewalls hijacked as miscreants exploit critical hole</h4> <div class=standfirst> <span class="label">Updated</span> PAN-PAN! Intruders inject web shell backdoors, crypto-coin miners, more</div> <div class=time_comments> <span class="section_name">CSO</span><span class="time_stamp" title="22 Nov 2024 21:27" data-epoch="1732310829">22 Nov 2024</span> | <span class="comment light_bg_comments">22</span></div> </div> </a> </article> <article> <a href="/2024/11/17/passkeys_passwords/?td=keepreading" class=story_link> <div class="article_text_elements"> <h4>Will passkeys ever replace passwords? Can they?</h4> <div class=standfirst> <span class="label">Systems Approach</span> Here's why they really should</div> <div class=time_comments> <span class="section_name">Security</span><span class="time_stamp" title="17 Nov 2024 18:30" data-epoch="1731868207">17 Nov 2024</span> | <span class="comment light_bg_comments">121</span></div> </div> </a> </article> <article> <a href="/2024/11/15/palo_alto_networks_firewall_zeroday/?td=keepreading" class=story_link> <div class="article_text_elements"> <h4>Mystery Palo Alto Networks hijack-my-firewall zero-day now officially under exploit</h4> <div class=standfirst>Yank access to management interface, stat</div> <div class=time_comments> <span class="section_name">CSO</span><span class="time_stamp" title="15 Nov 2024 21:7" data-epoch="1731704823">15 Nov 2024</span> | <span class="comment light_bg_comments">28</span></div> </div> </a> </article> </div> </div> <div aria-hidden="true" class="adun" data-pos="btm" data-raptor="owl" data-xsm=",fluid,mpu,dmpu," data-sm=",fluid,mpu,dmpu," data-md=",fluid,mpu,dmpu," data-xmd=",fluid,leaderboard,mpu," data-lg=",fluid,mpu,leaderboard," data-xlg=",fluid,billboard,superleaderboard,mpu,leaderboard," data-xxlg=",fluid,billboard,superleaderboard,brandwidth,brandimpact,mpu,leaderboard,"></div> </div> </div><div id=footer> <div class="footer_slogan"> <div class="footer_wrapper"> <p>The Register <img class="vulture_icon" src="/design_picker/d518b499f8a6e2c65d4d8c49aca8299d54b03012/graphics/icon/vulture_white.png" alt="icon"> Biting the hand that feeds IT</p> </div> </div> <div class="footer_wrapper"> <div class=foot_wrapper> <div class="left_block"> <div class="foot_list"> <h4>About Us<img loading="lazy" width="7" height="11" alt="" src="/design_picker/d2e337b97204af4aa34dda04c4e5d56d954b216f/graphics/icon/footer_mob_nav_arrow_black.svg" class="expand_arrow"></h4> <ul> <li><a href="https://www.theregister.com/Profile/contact/">Contact us</a></li> <li><a target=_blank rel=noopener href="https://www.theregister.com/AdvertiseWithUs/">Advertise with us</a></li> <li><a href="https://www.theregister.com/Profile/about_the_register/">Who we are</a></li> </ul> </div> <div class="foot_list more_us"> <h4>Our Websites<img loading="lazy" width="7" height="11" alt="" src="/design_picker/d2e337b97204af4aa34dda04c4e5d56d954b216f/graphics/icon/footer_mob_nav_arrow_black.svg" class="expand_arrow"></h4> <ul> <li><a href="https://www.nextplatform.com/">The Next Platform</a></li> <li><a href="https://devclass.com/">DevClass</a></li> <li><a href="https://blocksandfiles.com/">Blocks and Files</a></li> </ul> </div> <div class="foot_list privacy"> <h4>Your Privacy<img loading="lazy" width="7" height="11" alt="" src="/design_picker/d2e337b97204af4aa34dda04c4e5d56d954b216f/graphics/icon/footer_mob_nav_arrow_black.svg" class="expand_arrow"></h4> <ul> <li><a href="https://www.theregister.com/Profile/cookies/">Cookies Policy</a></li> <li><a href="https://www.theregister.com/Profile/privacy/">Privacy Policy</a></li> <li><a href="https://www.theregister.com/Profile/terms_and_conditions_of_use/">Ts & Cs</a></li> </ul> </div> </div> <div class="right_block"> <div class="foot_list"> <a href="https://situationpublishing.com/" id="sitpub_logo"> <img loading="lazy" width="250" alt="Situation Publishing" src="/design_picker/d2e337b97204af4aa34dda04c4e5d56d954b216f/graphics/std/sitpublogo_2022.png"> </a> <p> Copyright. All rights reserved © 1998–2024 </p> </div> </div> <noscript><img width="1" height="1" src="/Design/graphics/std/transparent_pixel.png" alt="no-js"></noscript> </div> </div> </div> <div id=end_scripts> <script> if (typeof(ElReg.Ga.sendPageView) === 'function') { ElReg.Ga.sendPageView('reg_onprem/publicsector','0df13fad2ea597c71ae99fa84c3f976d','0df13fad2ea597c71ae99fa84c3f976d'); } </script> <script> $(function() { RegUtils.set_bucket_group(290) }); </script> </div> <!--[if IE]> <p id=unsupported_browser>The Register does not support such an old IE version. Please upgrade your browser. <img src="https://go.theregister.com/k/abb_oldie> </p> <![endif]--></div> </body> </html>