Chinese Botnet Deployed To Infect Critical Infrastructure

Uploaded on 2024-09-24 in FREE TO VIEW, BUSINESS-Services-IT & Telecoms, INTELLIGENCE-Hot Spots-China, TECHNOLOGY--Hackers

The Chinese government is using a locally made IoT devices to hack US and UK organisations and increase the threat across critical US infrastructure.

Now, the FBI has issued a warning regarding China-affiliated cyber actors who have compromised over 260,000 internet-connected devices, primarily routers, to form a large botnet. The joint advisory was issued by Five Eyes security agencies in Canada, Australia and New Zealand.

In a related development, the US Justice Department has announced a court-authorised law enforcement operation that has disrupted a botnet consisting of more than 200,000 consumer devices in the United States and worldwide.

“As described in court documents unsealed in the Western District of Pennsylvania, the botnet devices were infected by People’s Republic of China (PRC) state-sponsored hackers working for Integrity Technology Group, a company based in Beijing, and known to the private sector as Flax Typhoon, “ says the US Dept. of Justice.

The FBI advisory said that the botnet uses a network of bots infected with malware to grant unauthorised remote access for the hackers. 

The primary targets include small office/home office routers, firewalls, network-attached storage (NAS), and Internet of Things (IoT) devices, such as webcams. The hackers utilised this botnet for various malicious activities, including Distributed Denial of Service (DDoS) attacks and concealing identities online. 

Since June 2024, the botnet’s most significant presence is in the US, with about 126,000 compromised devices. Other affected countries include Vietnam with 21,100 devices and Germany with 18,900.

According to the FBI advisory, the botnet is controlled by Chinese company, Integrity Technology Group, which has been active since 2021. The botnet devices use have same IP addresses as those registered to the China Unicom Beijing Province Network, which manages the botnet, and has been linked to intrusion attempts against a number of targets.

These activities are associated with various threat groups, including those known as Flax Typhoon, RedJuliett, and Ethereal Panda.

To date, the FBI has successfully disrupted the malicious actor’s operations by reclaiming thousands of compromised devices. The FBI advice to device owners is to take take preventive measures, including disabling unused services, implementing network segmentation, monitoring for unusual traffic, applying timely updates, replacing default passwords, periodically rebooting devices, and replacing outdated equipment. 

US Dept of Justice   |   I-HLS   |   Cybersecoop   |   Axios   |    Cybernews   |    Infosecurity Magazine 

Image:

You Might Also Read: 

A Single Attack Disabled Half A Million Routers:

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Truth & Lies About US Hacked Voter Data
Pakistan Joins The Top Tier Of Global Cybersecurity »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

ForeScout Technologies

ForeScout Technologies

ForeScout delivers pervasive network security by allowing organisations to continuously monitor & mitigate security exposures & cyberattacks.

Aqua Security Software

Aqua Security Software

Aqua Security helps enterprises secure their cloud native applications from development to production, whether they run using containers, serverless, or virtual machines.

Platin Bilişim

Platin Bilişim

Platin Bilisim is an IT Security company providing consultancy, solutions and operational support services.

LiveVault

LiveVault

LiveVault delivers fully automated, turnkey, backup over the Internet or a private network connection for uninterrupted remote data protection.

HKCERT

HKCERT

HKCERT is the centre for coordination of computer security incident response for local enterprises and Internet Users in Hong Kong.

Ravelin Technology

Ravelin Technology

Ravelin prevents chargebacks, fraud, and account takeover. Machine learning and human insight combine for highly accurate fraud detection and prevention.

e-End

e-End

e-End provides hard drive shredding, degaussing and data destruction solutions validated by the highest electronic certifcations to keep you compliant with GLB, SOX, FACTA, FISMA, HIPAA, COPPA, ITAR.

At-Bay

At-Bay

At-Bay offer an end-to-end solution to cyber risk with comprehensive risk assessment, a tailored cyber insurance policy and year-long, active, risk-management service.

Swisscom Blockchain

Swisscom Blockchain

Swisscom Blockchain is focused on supporting the implementation and adaption of Blockchain-based platforms in enterprises across diverse industries.

Document Security Systems (DSS)

Document Security Systems (DSS)

DSS anti-counterfeit, authentication, and brand protection solutions are deployed to prevent attacks which threaten products, digital presence, financial instruments, and identification.

Nexon Asia Pacific

Nexon Asia Pacific

Nexon solutions include cloud infrastructure and services, unified communications, managed security services, business continuity, secured high-performance network and business applications.

vCISO Services

vCISO Services

vCISO Services is a small, specialized, veteran-owned firm focused on the needs of SMBs only.

Seraphic Security

Seraphic Security

Seraphic Security provides attack protection to enable safe browsing for employees or contractors, as well as advanced governance controls to enforce enterprise policies across devices.

Reality Defender

Reality Defender

Reality Defender stops deepfakes before they become a problem. Our proprietary deepfake and generative content fingerprinting technology detects video, audio, and image deepfakes.

L&T Technology Services (LTTS)

L&T Technology Services (LTTS)

L&T Technology Services Limited (LTTS) is a global leader in Engineering and R&D (ER&D) services.

Health Sector Cybersecurity Coordination Center (HC3)

Health Sector Cybersecurity Coordination Center (HC3)

HC3 was created by the US Department of Health and Human Services to aid in the protection of vital, controlled, healthcare-related information.