US disrupts botnet attack by Chinese group Flax Typhoon

19 Sep 2024


‘If you continue to come for us, we will come for you,’ warned US deputy attorney general Lisa Monaco.

The US Department of Justice (DoJ) yesterday (18 September) said that it disrupted a Chinese “state-sponsored” botnet attack on consumer devices.

A court-authorised operation found that more than 200,000 consumer devices in the US were infected with malware by the Chinese hacking group known as ‘Flax Typhoon’.

The botnet malware infected home and office routers, internet protocol (IP) cameras, video recorders and network-attached storage devices.

The Justice Department said that Integrity Technology Group, a Beijing-based company, allegedly runs Flax Typhoon and was controlling the infected devices, using them to conduct malicious cyber activity disguised as ordinary internet traffic.

FBI director Christopher Wray said at a conference that Integrity Technology Group posed as an IT firm, but also “collected intelligence and performed reconnaissance for Chinese government security agencies”.

“Our takedown of this state-sponsored botnet reflects the Department’s all-tools approach to disrupting cyber criminals,” said deputy attorney general Lisa Monaco.

“Today should serve as a warning to cybercriminals preying on Americans – if you continue to come for us, we will come for you.”

Yesterday, the UK, Canada, Australia and New Zealand issued a joint advisory with the US accusing Integrity Technology Group of malicious cyber operations, stating that it had compromised tens of thousands of devices worldwide.

“Whilst the majority of botnets are used to conduct co-ordinated DDoS attacks, we know that some also have the ability to steal sensitive information,” said Paul Chichester, the UK’s National Cyber Security Centre (NCSC) director of operations.

“That’s why the NCSC, along with our partners in Five Eyes countries, is strongly encouraging organisations and individuals to act on the guidance set out in this advisory – which includes applying updates to internet-connected devices – to help prevent their devices from joining a botnet.”

Eric Knapp, a cybersecurity specialist and CTO of OPSWAT, said that users need to know where their hardware comes from if they are to avoid having their devices pulled into a botnet.

“With the increasing prevalence of nation-state cyberattacks, conducting thorough asset inventories and monitoring the origins of both hardware and software are critical steps,” Knapp said.

“Also addressing risks associated with unpatched or end-of-life equipment, particularly from the supply chain, is essential for securing systems.”

Earlier this year, US authorities disrupted another alleged Chinese-state-sponsored botnet attack.

This group, known as Volt Typhoon, targeted critical infrastructure organisations by infecting privately owned routers with malware to conceal their hacking activities. A coalition of US intelligence agencies later claimed that Volt Typhoon had access to critical US infrastructure for at least five years.


Suhasini Srinivasaragavan is a sci-tech reporter for Silicon Republic

editorial@siliconrepublic.com