• Home Support Forums Security Advisories Shop     English | French
Support Announcement
Security Response :: D-Link information regarding Volt Typhoon Cyberattacks

Overview  


REFERENCE: https://www.microsoft.com/en-us/security/blog/2023/05/24/volt-typhoon-targets-us-critical-infrastructure-with-living-off-the-land-techniques/

  

On May 24, 2023, Microsoft uncovered stealthy and targeted malicious activity focused on post-compromise credential access and network system discovery aimed at critical infrastructure organizations in the United States. The attack is carried out by Volt Typhoon, a state-sponsored actor based in China that typically focuses on espionage and information gathering. Microsoft assesses with moderate confidence that this Volt Typhoon campaign is pursuing the development of capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises.

 

Please take the relevant information and required action below:

 

According to this report, one of the known attack paths and tools mentioned so far is to use the remote management interface of network routers exposed to the Internet to seize management rights to control these devices for attack behavior. Still, the remote management interface of all D-Link consumer routers is closed by factory default, and we have been urging consumers not to enable this feature. We always recommend consumers only turn on this remote management function if they know how to use it.


 In any case, consumers should keep their devices updated with the latest version of firmware to maintain the best security and to protect their devices with strong enough passwords not to reveal or share them with others. 

 

D-Link US recommends and reminds that any device reaching EOL/EOS; should be deactivated and retired from use.


D-Link Systems, aka DUS or DLS, is prohibited from supporting these EOL/EOS products and services; if you are outside the US, please get in touch with your regional D-Link office. If your device was provided by a licensed carrier (service 

 

provider) and firmware, don't hesitate to contact your carrier (service provider). Many devices on this list have available 3rd party open-firmware; D-Link does not support open firmware, which voids any warranty and is solely the responsibility of the device's owner.


If US consumers continue to use this service against D-Link's recommendations, please ensure the device has the last known firmware, which can be located on the D-Link Support site and D-Link Legacy Website. In addition, please provide you frequently update the device's unique password to access its web configuration and always have WIFI encryption enabled with a unique 

password.