Two US House of Representatives members have called on the US Department of Commerce to investigate Chinese-made Wi-Fi routers deployed in the US over hacking and espionage concerns.
John Moolenaar (R-MI), chairman of the House Select Committee on the Strategic Competition Between the United States and the Chinese Communist Party, and Raja Krishnamoorthi (D-IL), a ranking member of the same group, warned in an August 15 public statement of the “growing risk posed by Chinese Wi-Fi routers in the United States manufactured by TP-Link Technologies.”
TP-Link is a Chinese company and the world’s largest provider of Wi-Fi products, selling over 160 million products annually to more than 170 countries.
Its Wi-Fi routers are manufactured in China, which has led the two Congressmen to fear that state-sponsored hackers may be able to compromise the routers and infiltrate US systems.
“Moreover, TP-Link is subject to draconian ‘national security’ laws in the People’s Republic of China (PRC) and can be forced to hand over sensitive US information by Chinese intelligence officials,” they added.
In 2023, a Chinese state-sponsored advanced persistent threat (APT) group known as Camaro Dragon was observed exploiting TP-Link routers via a malicious firmware implant.
In January 2024, it was announced that the FBI led a law enforcement operation in December 2023 to disrupt a network of hundreds of small office/home office (SOHO) routers that had been infected by the KV Botnet malware by another Chinese APT group, Volt Typhoon.
Although the US Justice Department said most compromised devices in this campaign appeared from Cisco and NetGear, Volt Typhoon, hackers may have infiltrated US systems up to five years earlier.
In a separate letter to US Secretary of Commerce Gina Raimondo, Moolenaar and Krishnamoorthi said, “TP-Link’s unusual degree of vulnerabilities and required compliance with PRC law are in and of themselves disconcerting. Combined with the PRC government’s common use of SOHO routers like TP-Link to perpetrate extensive cyber-attacks in the United States, it becomes significantly alarming.”
They asked for Secretary Raimondo’s threat assessment and mitigation plan by August 30.
Reference:
US Bipartisan Committee Urges Investigation Into Chinese Wi-Fi Routers
Latest News:
- Highline Public Schools Forced to Close By Cyber-Attack
by Imran Rasheed
A cyber-attack forced a group of schools in the US Pacific Northwest to close for at least two days. Highline Public Schools has more than 17,500 students in grades K-12. The district has 34 schools and 2,000 staff in Washington State. On Sunday, the school district reported that it had suffered a cyber-attack and that …
- Cyber-Attack on Payment Gateway Exposes 1.7 Million Credit Card Details
by Imran Rasheed
Electronic payment gateway Slim CD has been hit by a cyber-attack, potentially exposing the credit card details of 1.7 million individuals. The firm, which handles electronic payments for US and Canadian-based merchants, revealed that it became aware of suspicious activity in its computer environment around June 15, 2024. A subsequent investigation identified system access between …
- Most Targeted DDoS Attacks Double With Governments
by Imran Rasheed
New research says the number of distributed denial of service (DDoS) attacks continues to grow, doubling year over year (YoY). According to StormWall’s DDoS Attacks Report, attacks globally rose by 102% in the first half of this year compared to 2023. The government sector was the most brutal hit, with a 116% YoY increase. StormWall says …
- Ransomware Attacks Exposed 6.7 Million Records in US Schools
by Imran Rasheed
Ransomware attacks on US schools and colleges have surged in recent years, with 491 incidents recorded since 2018. These attacks impacted over 8,000 educational institutions and exposed 6.7 million individual records. According to a new report by Comparitech, estimated costs exceed $2.5b in downtime alone as schools struggle to restore systems, recover data and strengthen cybersecurity measures. …
- Georgia Tech Sued Over Cybersecurity Violations
by Imran Rasheed
The US government has filed a lawsuit against the Georgia Institute of Technology (Georgia Tech) and its affiliate Georgia Tech Research Corporation (GTRC) for alleged cybersecurity violations. The Department of Justice (DoJ) has joined a whistleblower to file a “complaint-in-intervention” against the institutions for “knowingly” failing to implement cybersecurity controls as required by their Department of Defense (DoD) contract. This contract related to …
Imran Rasheed is a Chief Information Security Officer dedicated to developing innovative solutions for organizations and governments through his expertise. He has worked in blue-chip companies and has experience in different finance sectors. Nevertheless, he mentors young professionals in his free time to help them achieve their career goals and dreams.