Increased Scrutiny on Major Chinese Router Manufacturer Following Espionage Allegations
U.S. government officials are considering a ban on the Chinese technology company TP-Link as a result of the recent Volt Typhoon cyberespionage campaign, which has raised alarms about vulnerabilities in Chinese-manufactured software and hardware. This campaign has potentially endangered critical infrastructure across the United States.
TP-Link, claiming to be the leading global provider of consumer WiFi devices and a prominent supplier in the U.S. market, now faces intense scrutiny after revelations that Beijing-affiliated hackers exploited its routers to compromise American critical systems. A coordinated response by the FBI, Department of Justice, and the Cybersecurity and Infrastructure Security Agency (CISA) successfully interrupted the Volt Typhoon operation, employing court-approved measures to neutralize malware embedded in numerous routers used in residential and small business contexts.
The investigative efforts into TP-Link were first reported by the Wall Street Journal, amidst bipartisan calls from lawmakers in Washington to assess whether the proliferation of Chinese WiFi routers poses a risk to national security. Although some critics suggest the potential ban is politically motivated, analyses indicate significant faults in TP-Link routers that could facilitate remote attacks. Recently, Chinese hackers have been identified as using compromised TP-Link devices to execute password spraying attacks targeting thousands of routers primarily deployed in U.S. homes and offices.
In a February report, CISA revealed that Volt Typhoon actors had maintained hidden access within U.S. IT infrastructures for at least five years, enabling them to launch potentially devastating cyberattacks that threaten national security, economic stability, and public health. A joint report by CISA and its Five Eyes intelligence alliance partners in the U.K., Canada, Australia, and New Zealand described how these hackers established and sustained undetected access to critical networks.
CISA has since advised network operators to enhance defensive measures against Volt Typhoon, recommending the establishment of a central logging database to monitor access to applications and systems, along with other critical security strategies. Despite the increasing scrutiny surrounding TP-Link, its products continue to dominate the market, making up an estimated 65% of sales in the U.S. for home and small business networking equipment, as noted by the Wall Street Journal.
A spokesperson for a Chinese government ministry condemned any potential ban on TP-Link products, asserting China’s commitment to safeguarding the rights of its companies abroad. The spokesperson stated that China opposes the U.S.’s broad interpretation of national security and discriminatory business practices.
One of Volt Typhoon’s primary methods involves “living off the land,” utilizing existing network tools to carry out operations while minimizing detection risks. In testimony before Congress, CISA Director Jen Easterly noted that U.S. federal agencies have identified and countered several cyberattacks linked to China across various critical sectors, including transportation, water supply, and energy.
Moreover, CISA Executive Assistant Director Eric Goldstein highlighted that sensitive operational technology data, including SCADA systems, relays, and switchgear diagrams used to understand and manage infrastructure, has been compromised by Chinese hackers. The agency expressed concern over the actors’ capability to exploit surveillance systems within essential facilities.