In a decisive move, the U.S. Justice Department has disrupted a Beijing-affiliated botnet controlling 200,000 compromised devices.
At a Glance
- The Justice Department’s operation disrupted a botnet with over 200,000 devices.
- Beijing-affiliated hackers from Integrity Technology Group, known as “Flax Typhoon,” controlled the botnet.
- Compromised devices included routers, cameras, and DVRs.
- The FBI neutralized the malware after taking control of the hackers’ infrastructure.
- The wider implications of this operation highlight ongoing efforts against Chinese cyber threats.
Massive Botnet Disruption by the Justice Department
The U.S. Justice Department announced the disruption of a massive botnet managed by Beijing-linked hackers. The botnet, which compromised 200,000 devices worldwide, included routers, cameras, and DVRs. The hackers, identified as “Flax Typhoon” from Beijing’s Integrity Technology Group, posed a severe threat to U.S. infrastructure. This decisive action underscores efforts to counter Chinese cyber threats effectively.
The operation involved seizing control of the hackers’ infrastructure, enabling the FBI to send disabling commands to the botnet’s malware. Despite an attempted DDoS attack to disrupt the FBI’s efforts, the operation successfully neutralized the malware.
Court-Authorized Operation Disrupts Worldwide Botnet Used by People’s Republic of China State-Sponsored Hackers https://t.co/auiGHRI2xY pic.twitter.com/VEGk7lXXkB
— National Security Division, U.S. Dept of Justice (@DOJNatSec) September 18, 2024
FBI’s Role and International Cooperation
FBI Deputy Director Paul Abbate emphasized the importance of protecting victims and dismantling malicious infrastructure. This operation, led by the FBI’s San Diego Field Office and Cyber Division, involved significant international collaboration. The FBI also corroborated Microsoft’s findings on Flax Typhoon’s activities, which have been targeting various sectors since 2021.
“Flax Typhoon’s actions caused real harm to its victims, who had to devote precious time to clean up the mess when they discovered the malware,” Wray said during the Aspen Cyber Summit.
Deputy Attorney General Lisa Monaco highlighted that the takedown reflects the Department’s all-tools approach to fighting cybercrime. She also noted the critical importance of reporting from the private sector, which played a key role in this operation.
Today, we announced an #FBI led operation to disrupt a botnet used by China-based hackers known as Flax Typhoon, which infected more than 200,000 consumer devices in the U.S. and worldwide. Read more about this court-authorized operation with our partners: https://t.co/ovOiQNnm2c
— FBI (@FBI) September 18, 2024
Critical Perspective and Ongoing Threats
Assistant Attorney General Matthew G. Olsen reiterated the Justice Department’s determination to combat PRC state-sponsored hackers. This operation marks the second time this year that such threats have been disrupted. U.S. Attorney Eric G. Olshan emphasized the operation’s success in dismantling a sophisticated botnet and warned of the continuous nature of cyber conflict.
“The Justice Department is zeroing in on the Chinese government-backed hacking groups that target the devices of innocent Americans and pose a serious threat to our national security,” said Attorney General Merrick B. Garland. “As we did earlier this year, the Justice Department has again destroyed a botnet used by PRC-backed hackers to infiltrate consumer devices here in the United States and around the world. We will continue to aggressively counter the threat that China’s state-sponsored hacking groups pose to the American people.”
The botnet operation’s broader implications highlight the ongoing and significant threat posed by state-backed cyber actors, particularly from China. Older devices from companies like NetGear Inc. and Cisco Systems Inc. were among the most vulnerable. This disruption is part of a larger, ongoing battle against sophisticated cyber threats.
Sources:
- Court-Authorized Operation Disrupts Worldwide Botnet Used by People’s Republic of China State-Sponsored Hackers
- U.S. Government Disrupts Botnet People’s Republic of China Used to Conceal Hacking of Critical Infrastructure
- Vast Chinese Hacking Operation of U.S. Consumer Tech Busted
- FBI Disrupts Large Scale Chinese State Backed Botnet Activity
- U.S. authorities thwart another China-backed botnet
- Justice Department disrupts vast Chinese hacking operation that infected consumer devices
- Justice Department Disrupts Vast Chinese Hacking Operation That Infected Consumer Devices
- U.S. Intelligence Agencies Say Chinese Botnet Compromised 260,000 Devices
- Justice Department disrupts global botnet linked to Chinese state-sponsored hackers