US Government Seizes Control of Massive Botnet Allegedly Controlled by Chinese State-Sponsored Hackers
Last week, the Federal Bureau of Investigation (FBI) took control of a botnet comprising hundreds of thousands of internet-connected devices, including cameras, video recorders, storage devices, and routers. The botnet was operated by a Chinese government hacking group known as Flax Typhoon.
The Botnet: A Threat to Critical Infrastructure
According to the FBI director Christopher Wray, the hacking group targeted critical infrastructure across the United States and overseas, affecting corporations, media organizations, universities, and government agencies. Wray revealed this information at the Aspen Cyber Summit cybersecurity conference on Wednesday.
"We’re talking about a botnet that was targeting critical infrastructure across the U.S. and overseas," Wray said. "Everyone from corporations and media organizations to universities and government agencies were affected."
The Takeover: A Success Story
Wray explained that working in collaboration with partners, the authorities executed court-authorized operations to take control of the botnet’s infrastructure. Once they did, the FBI removed the malware from compromised devices.
"Now, when the bad guys realized what was happening, they tried to migrate their bots to new servers and even conducted a Distributed Denial of Service (DDoS) attack against us," Wray said.
A Joint Advisory: The Evidence
In a joint advisory published on Wednesday, the FBI, Cyber National Mission Force, and the National Security Agency linked the botnet to the Chinese government. According to the advisory, the botnet was used to conceal the operations of Chinese hackers.
The U.S. government said that the botnet was operated and controlled by Integrity Technology Group, which allegedly works for the Chinese government. A representative from Integrity Technology Group did not respond to TechCrunch’s request for comment on Wednesday.
Mirai: The Malware Behind the Botnet
According to the advisory, the botnet hacked into vulnerable internet-connected devices using Mirai, a notorious malware designed to control a large number of compromised devices. Mirai was open-sourced in 2016 after a group of hackers used it to launch powerful DDoS attacks.
The Scope: A Large Number of Devices Affected
The authorities found a database of over 1.2 million records of compromised devices, including over 385,000 unique U.S. victim devices, both previously and actively exploited.
Previous Incidents: Flax Typhoon’s History
Earlier this year, Microsoft published a report about Flax Typhoon, saying the group targeted dozens of organizations in Taiwan. The tech giant reported that Flax Typhoon has been active since mid-2021, targeting government agencies, education institutions, critical manufacturing, and information technology organizations in Taiwan.
In addition, cybersecurity company ESET wrote that it observed Flax Typhoon compromise several Microsoft Exchange servers in Taiwan, targeting government organizations, consulting firms, travel booking software companies, pharmaceuticals, and electronics verticals.
A Pattern: U.S.-Led Takedowns of Chinese Government Hacking Groups
This is the latest U.S.-led takedown of a Chinese government hacking group. In recent years, there have been several incidents where the U.S. authorities took control of botnets linked to Chinese government hacking groups.
The Implications: A Warning for Device Owners
The takeover of Flax Typhoon’s botnet serves as a warning to device owners to secure their devices and take necessary precautions to prevent hacking.
As Wray noted, "We’re talking about a botnet that was targeting critical infrastructure across the U.S. and overseas… Everyone from corporations and media organizations to universities and government agencies were affected."
Conclusion: A Collaborative Effort
The takeover of Flax Typhoon’s botnet is a success story for collaboration between authorities, partners, and device owners.
As Wray said, "We’re talking about a collaborative effort between the FBI, Cyber National Mission Force, and the National Security Agency to take control of the botnet’s infrastructure."
This incident highlights the importance of cybersecurity measures and the need for device owners to secure their devices to prevent hacking.
