Volt Typhoon Compromises 30% of Cisco RV320/325 Devices in 37 Days

Chinese state-sponsored group continues to actively compromise Cisco devices possibly affected by vulnerabilities publicly disclosed in 2019

The SecurityScorecard Threat Research, Intelligence, Knowledge, and Engagement (STRIKE) Team has identified new infrastructure that appears to be linked to the threat actor group tracked as Volt Typhoon. Volt Typhoon is a state-sponsored group based in China that typically focuses on espionage and information gathering.

Approximately 30% of the Cisco RV320/325 devices observed by SecurityScorecard in a 37-day period may have been compromised by Volt Typhoon.