Chinese Botnet Deployed To Infect Critical Infrastructure

The Chinese government is using a domestically built botnet of compromised IoT devices to hack US and UK organisations, raising the threat to critical US infrastructure.

Now, the FBI has issued a warning that China-affiliated cyber actors have compromised over 260,000 internet-connected devices, primarily routers, to form a large botnet. The joint advisory was issued alongside Five Eyes partner agencies, including those in Canada, Australia and New Zealand.

In a related development, the US Justice Department has announced a court-authorised law enforcement operation that has disrupted a botnet consisting of more than 200,000 consumer devices in the United States and worldwide.

“As described in court documents unsealed in the Western District of Pennsylvania, the botnet devices were infected by People’s Republic of China (PRC) state-sponsored hackers working for Integrity Technology Group, a company based in Beijing, and known to the private sector as Flax Typhoon,” says the US Dept. of Justice.

The FBI advisory says the botnet consists of devices infected with malware that gives the hackers unauthorised remote access to them. 

The primary targets are small office/home office (SOHO) routers, firewalls, network-attached storage (NAS) and Internet of Things (IoT) devices such as webcams. The hackers have used the botnet for a range of malicious activity, including Distributed Denial of Service (DDoS) attacks and concealing their identity online. 

As of June 2024, the botnet’s largest footprint was in the US, with about 126,000 compromised devices. Other affected countries include Vietnam, with 21,100 devices, and Germany, with 18,900.

According to the FBI advisory, the botnet has been controlled since 2021 by Integrity Technology Group, a Chinese company. The infrastructure used to manage the botnet has used IP addresses registered to the China Unicom Beijing Province Network, and the same addresses have been linked to intrusion attempts against a number of targets.

These activities are associated with the threat actor tracked under various names, including Flax Typhoon, RedJuliett and Ethereal Panda.

To date, the FBI has disrupted the operation by reclaiming thousands of compromised devices. Its advice to device owners is to take preventive measures, including disabling unused services, implementing network segmentation, monitoring for unusual traffic, applying updates promptly, replacing default passwords, periodically rebooting devices and replacing outdated equipment. 
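“Monitoring for unusual traffic” is the one item on that list that is hard to act on without a concrete check. The script below is an added example, not code from the FBI advisory or from any of the sources cited here: it reads router flow records and flags two symptoms a compromised SOHO or IoT device typically shows, a metronomic check-in from one LAN host to one external address (command-and-control beaconing) and a burst of connections to many distinct external hosts (DDoS participation). The flow-record format, the LAN prefix, all host addresses and the thresholds are assumptions constructed for illustration; the sample records are generated inside the script.

```python
"""Flag botnet-like outbound behaviour in router flow logs.

Added example, not taken from the FBI advisory or the article. It checks
for two symptoms a device owner can look for without vendor tooling:
metronomic beaconing from one LAN host to one external address (typical of
command-and-control check-ins) and a burst of connections to many distinct
external hosts (typical of DDoS participation). The flow-record format, LAN
prefix, host addresses and thresholds are constructed for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from statistics import mean, pstdev

LAN = ip_network("192.168.1.0/24")  # assumed local prefix; adjust for your network


@dataclass(frozen=True)
class Flow:
    ts: float   # epoch seconds
    src: str
    dst: str
    dport: int


def parse_flow(line):
    """Parse one 'ts src dst dport' record (a constructed router export format)."""
    ts, src, dst, dport = line.split()
    return Flow(float(ts), src, dst, int(dport))


def beacon_score(times):
    """Return (coefficient of variation of inter-arrival gaps, mean gap).

    A CV near zero means the connections are evenly spaced, which is what a
    scheduled C2 check-in looks like and what human-driven traffic does not.
    Fewer than four observations is too little evidence, so return infinity.
    """
    if len(times) < 4:
        return float("inf"), 0.0
    times = sorted(times)
    gaps = [b - a for a, b in zip(times, times[1:])]
    m = mean(gaps)
    return (pstdev(gaps) / m if m > 0 else float("inf")), m


def analyse(lines, beacon_cv=0.1, fanout_threshold=50, window=60):
    """Return {src: [finding, ...]} for LAN hosts that beacon or fan out."""
    by_pair = defaultdict(list)   # (src, dst, dport) -> timestamps
    by_src = defaultdict(list)    # src -> external flows
    for line in lines:
        f = parse_flow(line)
        if ip_address(f.dst) in LAN:
            continue              # LAN-to-LAN traffic is out of scope here
        by_pair[(f.src, f.dst, f.dport)].append(f.ts)
        by_src[f.src].append(f)

    findings = defaultdict(list)
    for (src, dst, dport), ts in by_pair.items():
        cv, gap = beacon_score(ts)
        if cv < beacon_cv:
            findings[src].append(f"beacon to {dst}:{dport} every ~{gap:.0f}s (CV {cv:.2f})")

    for src, flows in by_src.items():
        flows.sort(key=lambda f: f.ts)
        worst = 0
        for i, first in enumerate(flows):
            # distinct external hosts contacted within `window` seconds of this flow
            dsts = {g.dst for g in flows[i:] if g.ts - first.ts <= window}
            worst = max(worst, len(dsts))
        if worst >= fanout_threshold:
            findings[src].append(
                f"{worst} distinct external hosts within {window}s (possible DDoS participation)")
    return dict(findings)


def constructed_flows():
    """Constructed sample: one beaconing webcam, one NAS flooding, one normal laptop."""
    lines = []
    for i in range(6):  # webcam checks in every 300 s to a stand-in C2 address
        lines.append(f"{1_700_000_000 + 300 * i} 192.168.1.20 203.0.113.10 443")
    for i in range(60):  # NAS hits 60 different hosts in six seconds
        lines.append(f"{1_700_001_000 + 0.1 * i:.1f} 192.168.1.30 198.51.100.{i + 1} 80")
    for t, dst in [(1_700_000_005, "203.0.113.50"), (1_700_000_012, "203.0.113.50"),
                   (1_700_000_140, "203.0.113.77"), (1_700_000_141, "203.0.113.50"),
                   (1_700_000_950, "203.0.113.50"), (1_700_000_960, "192.168.1.2")]:
        lines.append(f"{t} 192.168.1.50 {dst} 443")  # laptop: irregular, plus LAN traffic
    return lines


SAMPLE_FLOWS = constructed_flows()

if __name__ == "__main__":
    for host, notes in analyse(SAMPLE_FLOWS).items():
        for note in notes:
            print(f"{host}: {note}")
```

Run against the constructed sample, the webcam is reported for its 300-second beacon and the NAS for contacting 60 external hosts inside a minute, while the laptop’s irregular browsing is left alone. The beacon test deliberately ignores pairs with fewer than four connections, and the fan-out count excludes LAN destinations, so a print job or a backup to a local NAS never trips it; both thresholds are starting points to tune against a few days of a network’s own flow export.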

US Dept of Justice   |   I-HLS   |   Cybersecoop   |   Axios   |    Cybernews   |    Infosecurity Magazine 

Cyber Security Intelligence: Captured Organised & Accessible