Major Chinese Router Manufacturer Facing Increased Scrutiny After Chinese Espionage
U.S. authorities may ban Chinese tech giant TP-Link after the Volt Typhoon cyberespionage campaign exposed critical infrastructure to heightened risks from Chinese-made software and networking gear.
TP-Link, self-described as the “world’s #1 provider of consumer WiFi devices” and a leading U.S. router supplier, is facing sharp scrutiny in Washington after federal officials revealed Beijing-linked hackers exploited privately owned routers to infiltrate American critical infrastructure. The FBI, Department of Justice and Cybersecurity and Infrastructure Security Agency disrupted the Volt Typhoon attack last year through a court-authorized operation that remotely removed malware from hundreds of victims’ routers in homes and small businesses across the country (see: Here’s How the FBI Stopped a Major Chinese Hacking Campaign).
Multiple federal agencies have since launched investigations into TP-Link, the Wall Street Journal first reported, amid bipartisan calls on Capitol Hill to examine whether Chinese WiFi routers in federal systems and critical infrastructure threaten national security. Critics argue the proposed TP-Link ban is driven by geopolitics, but reports reveal flaws in the company’s routers that can enable remote attacks, and Chinese hackers recently used a botnet of thousands of compromised devices, most of them TP-Link routers in small offices and homes across the U.S., to conduct password spray attacks against their targets.
CISA warned in February that Volt Typhoon had spent at least five years embedded in U.S. IT systems, positioning itself within critical infrastructure networks to unleash destructive cyberattacks capable of crippling national security, economic stability and public health. The U.S. cyber defense agency published a joint report with the Five Eyes intelligence-sharing alliance – the United Kingdom, Canada, Australia and New Zealand – detailing how the Chinese hacking group managed to gain persistent access to critical networks while avoiding detection (see: Chinese Hackers Preparing ‘Destructive Attacks,’ CISA Warns).
CISA has also urged network operators to bolster defenses against Volt Typhoon by maintaining a central logging database that collects data on application and system access, in addition to other key recommendations. Despite mounting scrutiny, Chinese-made TP-Link routers remain hugely popular, with the Wall Street Journal reporting they are Amazon’s top-selling router and account for an estimated 65% of the U.S. market for home and small-business networks.
A Chinese ministry spokesperson responded to the Wall Street Journal report, condemning any ban on TP-Link products and vowing to protect the rights of Chinese companies overseas. The spokesperson told reporters China rejects the U.S.’ “generalization of the concept of national security and discriminatory practices.”
Volt Typhoon’s primary tactic is “living off the land,” using built-in network tools to evade detection while executing cyber operations. In January, CISA Director Jen Easterly testified that federal agencies had uncovered and neutralized Chinese-linked cyberattacks across critical sectors, including transportation, water, and energy.
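The two technical points above, CISA's advice to keep a central log of application and system access and Volt Typhoon's reliance on built-in tools, come together in detection. The following is an added example, not code from the article, CISA or TP-Link: it runs simple living-off-the-land rules over constructed process-creation records of the kind a central log store would hold. The sample log lines are made up, and the rule patterns are illustrative, based on commonly reported living-off-the-land tradecraft rather than a transcription of any advisory; tune them to your own environment.

```python
"""Flag living-off-the-land command lines in centralized process-creation logs.

Added illustration: the log records below are constructed, and the rules are
hypothetical examples of how to hunt for abuse of built-in Windows tools.
"""
import re
from dataclasses import dataclass

# Constructed records in the shape of Windows Security event 4688 fields
# (host, user, command line) as they might sit in a central logging database.
SAMPLE_LOGS = [
    {"host": "DC01", "user": "svc_backup",
     "cmd": 'ntdsutil.exe "ac i ntds" "ifm" "create full C:\\Windows\\Temp\\pro" q q'},
    {"host": "WS07", "user": "jdoe",
     "cmd": "netsh interface portproxy add v4tov4 listenport=9999 "
            "connectaddress=10.0.0.5 connectport=3389"},
    {"host": "WS07", "user": "jdoe",
     "cmd": 'wmic process call create "cmd.exe /c whoami"'},
    {"host": "WS12", "user": "asmith",
     "cmd": "notepad.exe C:\\Users\\asmith\\notes.txt"},
    {"host": "FS01", "user": "admin",
     "cmd": "vssadmin create shadow /for=C:"},
    {"host": "WS03", "user": "bjones",
     "cmd": "powershell.exe -nop -w hidden -enc SQBFAFgA"},
]

# Hypothetical rules: (rule name, regex over the command line). Each targets a
# built-in tool used in a way that is rare for ordinary users but common in
# hands-on-keyboard intrusions (credential dumping, port forwarding, remote
# execution, shadow copies, encoded PowerShell).
RULES = [
    ("ntdsutil_ifm_dump", re.compile(r"ntdsutil(\.exe)?\b.*\bifm\b", re.I)),
    ("netsh_portproxy", re.compile(r"netsh\b.*\bportproxy\b.*\badd\b", re.I)),
    ("wmic_process_create",
     re.compile(r"wmic\b.*\bprocess\b.*\bcall\b.*\bcreate\b", re.I)),
    ("vssadmin_shadow", re.compile(r"vssadmin\b.*\bcreate\b.*\bshadow\b", re.I)),
    ("powershell_encoded",
     re.compile(r"powershell(\.exe)?\b.*(-enc|-encodedcommand)\b", re.I)),
]


@dataclass(frozen=True)
class Finding:
    host: str
    user: str
    rule: str
    cmd: str


def scan(records):
    """Return one Finding per (record, rule) pair whose command line matches."""
    findings = []
    for rec in records:
        for name, pattern in RULES:
            if pattern.search(rec["cmd"]):
                findings.append(Finding(rec["host"], rec["user"], name, rec["cmd"]))
    return findings


def hosts_with_multiple_techniques(findings):
    """Hosts where more than one distinct rule fired; a single LOTL command can be
    admin activity, but several different ones on one host deserve a closer look."""
    by_host = {}
    for f in findings:
        by_host.setdefault(f.host, set()).add(f.rule)
    return sorted(h for h, rules in by_host.items() if len(rules) > 1)


if __name__ == "__main__":
    hits = scan(SAMPLE_LOGS)
    for f in hits:
        print(f"{f.host:5} {f.user:10} {f.rule:22} {f.cmd}")
    print("escalate:", hosts_with_multiple_techniques(hits))
```

The point of the second function is the one that matters for living-off-the-land activity: none of these binaries is malware, so a single match is only a lead, while a host that accumulates several distinct techniques in the central log is where an analyst should start. Without centralized collection, the records from DC01, WS07 and FS01 would never be seen side by side.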
In a February briefing, CISA Executive Assistant Director Eric Goldstein revealed that Chinese hackers had stolen critical operational technology data, including details of SCADA systems, relays and switchgear diagrams, which are key to understanding and disrupting infrastructure. The agency also reported that Volt Typhoon actors could access surveillance cameras at vital facilities.