US disrupts global botnet used by Chinese hackers Flax Typhoon

The US has disrupted a botnet that had over 200,000 consumer devices under its control. The botnet was owned and operated by the Chinese company Integrity Technology Group (ITG), which is better known as a front for the hacking group Flax Typhoon.

The botnet targeted routers, IP cameras, DVRs, and NAS devices. ITG used the compromised devices to execute malicious commands and as a gateway for installing malware on other devices. It also sold access to the botnet through an online application that let customers direct the devices to distribute malware and steal information.

The FBI disabled the botnet remotely. It sent a series of commands that disrupted the command-and-control (C2) infrastructure and disabled the malware running on the affected devices.

Flax Typhoon detected the operation to free the devices. Its response was to launch a distributed denial-of-service (DDoS) attack against the operational infrastructure the FBI was using. The attack was unsuccessful, as the completed takedown shows.


Deputy Attorney General Lisa Monaco said, “Our takedown of this state-sponsored botnet reflects the Department’s all-tools approach to disrupting cyber criminals. This network, managed by a PRC government contractor, hijacked hundreds of thousands of private routers, cameras, and other consumer devices to create a malicious system for the PRC to exploit.

“Today should serve as a warning to cybercriminals preying on Americans – if you continue to come for us, we will come for you.”

To help organisations protect themselves, several agencies from the US, UK, Canada, and Australia have issued a joint advisory. It provides technical details of the operation, including how the botnet was controlled and which device types were compromised, along with a breakdown of infected devices by country and recommended mitigations.

Enterprise Times: What does this mean?

The US is getting more aggressive in its counter-cyber approach, as its actions over the last couple of months show. Whether this uptick is tied to the upcoming election remains to be seen. What matters is that it is taking the measures needed to disrupt cyber-attacks, especially those originating from China.

The indictment is also interesting. Several redacted lines indicate that the information likely came from an undercover agent, which is unusual for recent indictments against cyber criminals. This suggests that the FBI is expanding the range of its operations.
