Washington, DC [US], September 19 (ANI): The United States has identified and dismantled a botnet campaign orchestrated by hackers linked to China, aimed at infiltrating American infrastructure and various internet-connected devices, Voice of America reported.
According to the report, during a cyber summit in Washington on Wednesday, FBI Director Christopher Wray announced the disruption of what he referred to as Flax Typhoon, describing it as part of a broader campaign by Beijing. The FBI director further stated, “Flax Typhoon hijacked Internet-of-Things devices like cameras, video recorders, and storage devices–things typically found across both big and small organizations. And about half of those hijacked devices were located here in the US.”He added that the hackers were operating under the guise of an information security company named Integrity Technology Group, which gathered data from corporations, media outlets, universities, and government agencies.
“They used internet-connected devices–this time, hundreds of thousands of them–to create a botnet that helped them compromise systems and exfiltrate confidential data,” he said.
Flax Typhoon’s activities were disrupted last week when the FBI, in collaboration with allies and operating under court orders, seized control of the botnet and targeted the hackers as they attempted to switch to a backup system.
“We think the bad guys finally realized that it was the FBI and our partners that they were up against,” Wray said. “And with that realization, they essentially burned down their new infrastructure and abandoned their botnet.”Wray noted that Flax Typhoon seemed to build upon the techniques and exploits of another hacking group linked to China, called Volt Typhoon, which was identified by Microsoft in May of the previous year. According to the report, the Chinese hacking group Volt Typhoon utilized office network equipment, such as routers, firewalls, and VPN hardware, to penetrate and disrupt the communications infrastructure in Guam, which houses essential US military facilities.
Meanwhile, the Chinese embassy in America rejected the US accusations on Wednesday. Chinese embassy spokesperson Liu Pengyu told VOA via email in response to the allegations about the Flax Typhoon. He said, “Without valid evidence, the US jumped to an unwarranted conclusion and made groundless accusations.”Liu further stated, “The US itself is the origin and the biggest perpetrator of cyberattacks. We urge the US to stop its worldwide cyber espionage and cyberattacks, and stop smearing other countries under the excuse of cybersecurity.” The FBI and the US Cybersecurity and Infrastructure Security Agency have previously cautioned that hackers directed by the Chinese government, such as Volt Typhoon, have been preparing to execute destructive cyberattacks that could endanger the physical safety of Americans.
After Wednesday’s announcement by the FBI, the US National Security Agency (NSA) released an advisory urging anyone with a device affected by Flax Typhoon to install the necessary patches.It said that as of this past June, the Flax Typhoon botnet was using more than 260,000 devices in North America, Europe, Africa, and Southeast Asia. (ANI)
