Two US House of Representatives members have called on the US Department of Commerce to investigate Chinese-made Wi-Fi routers deployed in the US over hacking and espionage concerns.
John Moolenaar (R-MI), chairman of the House Select Committee on the Strategic Competition Between the United States and the Chinese Communist Party, and Raja Krishnamoorthi (D-IL), a ranking member of the same group, warned in an August 15 public statement of the “growing risk posed by Chinese Wi-Fi routers in the United States manufactured by TP-Link Technologies.”
TP-Link is a Chinese company and the world’s largest provider of Wi-Fi products, selling over 160 million products annually to more than 170 countries.
Its Wi-Fi routers are manufactured in China, which has led the two Congressmen to fear that state-sponsored hackers may be able to compromise the routers and infiltrate US systems.
“Moreover, TP-Link is subject to draconian ‘national security’ laws in the People’s Republic of China (PRC) and can be forced to hand over sensitive US information by Chinese intelligence officials,” they added.
In 2023, a Chinese state-sponsored advanced persistent threat (APT) group known as Camaro Dragon was observed exploiting TP-Link routers via a malicious firmware implant.
In January 2024, it was announced that the FBI led a law enforcement operation in December 2023 to disrupt a network of hundreds of small office/home office (SOHO) routers that had been infected by the KV Botnet malware by another Chinese APT group, Volt Typhoon.
Although the US Justice Department said most compromised devices in this campaign appeared from Cisco and NetGear, Volt Typhoon, hackers may have infiltrated US systems up to five years earlier.
In a separate letter to US Secretary of Commerce Gina Raimondo, Moolenaar and Krishnamoorthi said, “TP-Link’s unusual degree of vulnerabilities and required compliance with PRC law are in and of themselves disconcerting. Combined with the PRC government’s common use of SOHO routers like TP-Link to perpetrate extensive cyber-attacks in the United States, it becomes significantly alarming.”
They asked for Secretary Raimondo’s threat assessment and mitigation plan by August 30.
Reference:
US Bipartisan Committee Urges Investigation Into Chinese Wi-Fi Routers
Latest News:
- Cicada3301 Ransomware Targets Critical Sectors in US and UK
by Imran Rasheed
A new ransomware group, Cicada3301, has emerged as a significant threat since its discovery in June 2024. It targets businesses in critical sectors across the US and UK. In just three months, the group has reportedly published data from 30 companies on their dedicated leak sites, underscoring the severity of the threat. Multi-Platform Ransomware and…
Read more: Cicada3301 Ransomware Targets Critical Sectors in US and UK
- #CyberMonth: Software Updates, A Double-Edged Sword for Cybersecurity Professionals
by Imran Rasheed
Software updates are critical in protecting systems from cyber threats and providing new and improved functionality to software products. They are necessary to patch vulnerabilities that can be exploited by malicious actors, ensuring that systems remain secure. Software updates are one of the four pillars of the 2024 International Cybersecurity Awareness Month campaign. As part…
Read more: #CyberMonth: Software Updates, A Double-Edged Sword for Cybersecurity Professionals
- Universal Music Group Admits Data Breach
by Imran Rasheed
Universal Music Group (UMG), one of the world’s largest music corporations, disclosed a data breach in mid-July 2024. According to a filing with the Maine Attorney General’s Office, the breach may have exposed the personal information of 680 US residents. In the filing, UMG said it detected unauthorized activity in one of its internal applications on July 15,…
Read more: Universal Music Group Admits Data Breach
- Get Safe Online Launches New Scam Detector
by Imran Rasheed
Get Safe Online has launched a new tool that uses the power of AI technology to flag potential digital scams to users. Ask Silver is a smartphone-based tool that interacts with users via WhatsApp. Once they sign up, users receive a one-time email with a QR code to scan, which opens the WhatsApp chat. All…
Read more: Get Safe Online Launches New Scam Detector
- Sellafield Fined for Cybersecurity Failures at Nuclear Site
by Imran Rasheed
Sellafield Ltd. has been fined £332,500 ($437,440) for cybersecurity failures at the Sellafield nuclear facility in Cumbria, North-West England. Westminster Magistrates Court issued the fine following a prosecution brought by the Office for Nuclear Regulation (ONR), the UK’s independent nuclear regulator. Sellafield Ltd has also been ordered to pay prosecution costs of £53,253.20 ($70,060). The offences…
Read more: Sellafield Fined for Cybersecurity Failures at Nuclear Site