Authorities in the United States have disrupted a group of Chinese hackers who were working on behalf of China’s communist regime. The hackers, known as “Flax Typhoon,” were employed by Integrity Technology Group, a Beijing-based company. They used thousands of infected devices to form a botnet and launch further attacks, according to the Justice Department.
The malware installed by the Chinese hackers affected around 200,000 consumer devices in the US and other countries. These included cameras, video recorders, and routers used in homes and offices. The infected devices were connected into a botnet controlled by Integrity Technology Group. This allowed the hackers to conduct malicious cyber activities disguised as routine internet traffic from the compromised consumer devices.
To counter this threat, the FBI carried out a court-ordered operation to take control of these compromised devices and disable the malware remotely. This action aimed to prevent further spying and data theft from universities, government agencies, and other targets.
FBI Director Christopher Wray spoke about this operation at the Aspen Cyber Summit on September 18th. He emphasized that extensive testing was conducted before executing commands to disable the malware.
Wray acknowledged that while this disruption was successful, it is just one battle in an ongoing fight against Chinese hacking campaigns targeting organizations and critical infrastructure within the US.
In response to the FBI’s actions against their botnet operation, Flax Typhoon launched a counterattack using distributed denial-of-service (DDoS) tactics against FBI devices. However, their attempt failed to prevent the FBI’s disruption of the botnet.
This recent acknowledgment follows Wray’s disclosure nine months ago about another campaign, in which a Chinese botnet targeting critical infrastructure within the US was disrupted. During his testimony at that time, Wray highlighted how unique China’s intrusion into civilian systems was, with its potential implications of physical harm for Americans during conflicts between the two nations.
It remains unclear whether Flax Typhoon’s malware had intentions or capabilities similar to those previously encountered by US authorities.
According to court documents related to this case, Integrity Technology Group developed an online application called “KRLab.” This application allowed customers to log in and control infected victim devices using various malicious cyber commands through a tool called “vulnerability-arsenal.”
Attorney General Merrick Garland stated that this cyber campaign is just one aspect of China’s broader efforts aimed at undermining US national security. The Justice Department is committed to countering state-sponsored hacking groups backed by China that pose serious threats not only to innocent Americans but also to national security itself.
Affected device owners will be notified through their internet service providers under guidance from the FBI regarding this operation.