Volt Typhoon is using compromised routers as a command-and-control network and deploying a new web shell called “fy.sh” on targeted Cisco routers, indicating a highly active and sophisticated operation.