Security Conversations

Danny Adamitis on an 'unkillable' router botnet used by Chinese .gov hackers

Jan 5, 2024

Danny Adamitis, a principal information security engineer at Black Lotus Labs, dives into the alarming discovery of a resilient botnet utilizing outdated SOHO routers. He reveals how this covert network aids Volt Typhoon, a Chinese state-sponsored hacking group. The conversation highlights the global danger of obsolete devices and the urgent need for organizations to bolster their network defenses. Danny shares practical strategies for detecting and mitigating threats, emphasizing robust monitoring and awareness of network assets.

34:07

Creator website

Episode guests

Danny Adamitis

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

The KV botnet, comprised of outdated SOHO routers, exemplifies how vulnerable end-of-life devices can facilitate covert cyber operations by threat actors.

Effective network defense strategies include regular reboots and enhanced logging practices to detect and mitigate risks from persistent botnets like KV.

Deep dives

Understanding Black Lotus Labs

Black Lotus Labs operates under Lumen Technologies, which resulted from the merger of several prominent telecommunications companies. The lab focuses on analyzing telemetry data from diverse sources to enhance cybersecurity and protect their corporate network and clients. By correlating data from various points, the team aims to uncover sophisticated threat actors who might evade traditional detection methods. Their extensive data collection includes monitoring billions of net flow sessions and DNS resolutions daily, essential for identifying security threats.

Intro

2min

Navigating the Threat Landscape of Botnets and Routers

18min

Battling Router Botnets

4min

Human-Operated Botnets: A Tactical Deep Dive

6min

Practical Defense Strategies Against Advanced Threats

2min

Mitigating Malware: Practical Tips and Ongoing Research

2min

Episode sponsors:

Binarly, the supply chain security experts (https://binarly.io)
FwHunt (https://fwhunt.run)

Danny Adamitis is a principal information security engineer at Black Lotus Labs, the threat research division within Lumen Technologies. On this episode of the show, we discuss his team's recent discovery of an impossible-to-kill botnet packed with end-of-life SOHO routers serving as a covert data transfer network for Volt Typhoon, a Chinese government-backed hacking group previously caught targeting US critical infrastructure.

Danny digs into the inner workings of the botnet, the global problem end-of-life devices becoming useful tools for malicious actors, and the things network defenders can do today to mitigate threats at this layer.

Links:

Get the Snipd
podcast app

Unlock the knowledge in podcasts with the podcast player of the future.

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Save any
moment

Hear something you like? Tap your headphones to save it with AI-generated key takeaways

Share
& Export

Send highlights to Twitter, WhatsApp or export them to Notion, Readwise & more

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Security Conversations

Danny Adamitis on an 'unkillable' router botnet used by Chinese .gov hackers

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Understanding Black Lotus Labs

The KV Botnet and Its Implications

Discovery of the KV Botnet

Proactive Measures for Cyber Defense

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights

Security Conversations

Danny Adamitis on an 'unkillable' router botnet used by Chinese .gov hackers

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Understanding Black Lotus Labs

The KV Botnet and Its Implications

Discovery of the KV Botnet

Proactive Measures for Cyber Defense

Get the Snipdpodcast app

AI-poweredpodcast player

Discoverhighlights

Save anymoment

Share& Export

AI-poweredpodcast player

Discoverhighlights

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights