FBI Shuts Down Chinese-Linked Botnet Campaign in Joint Operation – CySecurity News

The Five Eyes intelligence alliance has released a joint report warning organizations to take security measures after it emerged that the botnet was used to launch DDoS attacks and compromise organizations in the US.

Flax Typhoon involved

FBI Director Chris Wray spoke about the threat at the Aspen Cyber Summit and said that the operation was launched by the Flax Typhoon group. The attackers placed malware on more than 200,000 customer devices. In a joint operation, the FBI and the US Department of Justice were able to take over the botnet infrastructure. 50% of the compromised devices were found in the US.

The hijacked devices—cameras, internet routers, and video recorders—formed a large botnet to steal critical data. The attacks were similar to another botnet campaign carried out by the Volt Typhoon group, which also used web-connected devices to create a botnet that hijacked systems and stole sensitive data.

But Flax Typhoon’s botnet also threatened a larger number of devices than Volt Typhoon’s router-based network.

According to Wray, Flax Typhoon Group poses as an information security company, but the company has long had close ties to the Chinese government.

“They present themselves as an information security company: Integrity Technology Group. But their chairman has publicly admitted that his company has been collecting intelligence and conducting reconnaissance for Chinese government security services for years.”

Increase in state-sponsored attacks

Wray cautioned that while this operation was a success, the broader ecosystem of state-sponsored cyberattacks from China was still very much alive.

“This was another successful disruption, but make no mistake: this is just one round in a much longer battle. The Chinese government will continue to target your organizations and our critical infrastructure, whether by their own hand or hidden through their proxies, and we will continue to work with our partners to identify their malicious activity, disrupt their hacking campaigns, and expose them,” Wray said.

According to a 2023 Microsoft report, Flax Typhoon has been active since 2021. Other reports suggest the group has been active since 2020. In its early years, Flax Typhoon targeted government agencies, critical manufacturing, the education sector, and IT companies in Taiwan.