Summary of US government 'took control' of a botnet run by Chinese government hackers, says FBI director | TechCrunch


    FBI Takes Down Chinese Government Botnet Targeting Critical Infrastructure

    The FBI, alongside U.S. government agencies, has successfully taken control of a massive botnet controlled by a Chinese government hacking group called Flax Typhoon.

    • The botnet, consisting of hundreds of thousands of internet-connected devices, was used to target critical infrastructure in the United States and internationally.
    • Flax Typhoon targeted a range of entities, including corporations, media organizations, universities, and government agencies.

    FBI's Security Operation and Chinese Government's Response

    FBI Director Christopher Wray revealed at the Aspen Cyber Summit that the agency executed court-authorized operations to seize control of the botnet's infrastructure.

    • The FBI removed malware from the compromised devices, disrupting the Chinese government hacking group's operations.
    • In response, Flax Typhoon attempted to migrate their botnet to new servers and launched a distributed denial of service (DDoS) attack against the FBI.

    Botnet's Infrastructure and Targets

    The botnet consisted of 260,000 compromised devices, including cameras, video recorders, storage devices, and routers.

    • The botnet was operated and controlled by Integrity Technology Group, a company allegedly working for the Chinese government.
    • The U.S. government's advisory specifically linked the botnet to the Chinese government, highlighting its role in concealing the operations of Chinese hackers.

    Chinese Government Hacking Group's Malware and Targets

    Flax Typhoon leveraged Mirai, a notorious malware designed to control large numbers of compromised devices, to infiltrate vulnerable internet-connected devices.

    • Mirai was open-sourced in 2016 and has been used to launch powerful DDoS attacks.
    • The Flax Typhoon operation specifically targeted consumer internet-connected devices.

    Flax Typhoon's Activities and Focus on Taiwan

    The FBI's investigation revealed a database of over 1.2 million records of compromised devices, with over 385,000 unique U.S. victim devices.

    • Flax Typhoon's activities have been observed by Microsoft, which reported that the group had targeted dozens of organizations in Taiwan since mid-2021.
    • Flax Typhoon targeted government agencies, educational institutions, critical manufacturing, and IT organizations in Taiwan.

    Flax Typhoon's Techniques and Targets in Taiwan

    ESET, a cybersecurity company, reported observing Flax Typhoon compromise Microsoft Exchange servers in Taiwan, targeting government organizations, a consulting firm, a travel booking software company, and companies in the pharmaceuticals and electronics sectors.

    • Flax Typhoon's activities raise serious concerns about the Chinese government's efforts to undermine the security of Taiwan, a crucial U.S. ally in the region.
    • This incident highlights the growing threat of cyberattacks from state-sponsored actors, particularly from the Chinese government.

    The U.S. Government's Efforts to Combat Chinese Government Hacking

    The FBI's takedown of Flax Typhoon follows a series of actions by the U.S. government to disrupt the activities of Chinese government hacking groups.

    • Earlier this year, the U.S. government disrupted the activities of another Chinese government hacking group called Volt Typhoon, which had been targeting U.S. internet providers and critical infrastructure.
    • The U.S. government has warned about the potential for China to launch destructive cyberattacks in the event of a conflict, particularly in the context of a possible Chinese invasion of Taiwan.
