Chinese Botnet Deployed To Infect Critical Infrastructure

Uploaded on 2024-09-24 in FREE TO VIEW, BUSINESS-Services-IT & Telecoms, INTELLIGENCE-Hot Spots-China, TECHNOLOGY--Hackers

The Chinese government is using a locally made IoT devices to hack US and UK organisations and increase the threat across critical US infrastructure.

Now, the FBI has issued a warning regarding China-affiliated cyber actors who have compromised over 260,000 internet-connected devices, primarily routers, to form a large botnet. The joint advisory was issued by Five Eyes security agencies in Canada, Australia and New Zealand.

In a related development, the US Justice Department has announced a court-authorised law enforcement operation that has disrupted a botnet consisting of more than 200,000 consumer devices in the United States and worldwide.

“As described in court documents unsealed in the Western District of Pennsylvania, the botnet devices were infected by People’s Republic of China (PRC) state-sponsored hackers working for Integrity Technology Group, a company based in Beijing, and known to the private sector as Flax Typhoon, “ says the US Dept. of Justice.

The FBI advisory said that the botnet uses a network of bots infected with malware to grant unauthorised remote access for the hackers. 

The primary targets include small office/home office routers, firewalls, network-attached storage (NAS), and Internet of Things (IoT) devices, such as webcams. The hackers utilised this botnet for various malicious activities, including Distributed Denial of Service (DDoS) attacks and concealing identities online. 

Since June 2024, the botnet’s most significant presence is in the US, with about 126,000 compromised devices. Other affected countries include Vietnam with 21,100 devices and Germany with 18,900.

According to the FBI advisory, the botnet is controlled by Chinese company, Integrity Technology Group, which has been active since 2021. The botnet devices use have same IP addresses as those registered to the China Unicom Beijing Province Network, which manages the botnet, and has been linked to intrusion attempts against a number of targets.

These activities are associated with various threat groups, including those known as Flax Typhoon, RedJuliett, and Ethereal Panda.

To date, the FBI has successfully disrupted the malicious actor’s operations by reclaiming thousands of compromised devices. The FBI advice to device owners is to take take preventive measures, including disabling unused services, implementing network segmentation, monitoring for unusual traffic, applying timely updates, replacing default passwords, periodically rebooting devices, and replacing outdated equipment. 

US Dept of Justice   |   I-HLS   |   Cybersecoop   |   Axios   |    Cybernews   |    Infosecurity Magazine 

Image:

You Might Also Read: 

A Single Attack Disabled Half A Million Routers:

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Truth & Lies About US Hacked Voter Data
Pakistan Joins The Top Tier Of Global Cybersecurity »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

HireVergence

HireVergence

HireVergence is a full service IT staffing and recruiting firm with a focus on cyber and information security.

Tiro Security

Tiro Security

Tiro Security is a boutique company specializing in information security and IT audit recruitment and solutions.

Oxford BioChronometrics

Oxford BioChronometrics

By building profiles based on electronically Defined Natural Attributes, or e-DNA, Oxford BioChronometrics protects digital networks, communities, individuals and other online assets from fraud.

Axiad IDS

Axiad IDS

Axiad IDS is a Trusted Identity solutions provider for enterprise, government and financial organizations.

Ponemon Institute

Ponemon Institute

Ponemon Institute conducts independent research on data protection and emerging information technologies.

Axiomtek

Axiomtek

Axiomtek is a leading design and manufacturing company in the industrial computer and embedded field.

CUJO AI

CUJO AI

CUJO AI is the global leader in the development and application of artificial intelligence to improve the security, control and privacy of connected devices in homes and businesses.

Cryptyk

Cryptyk

CRYPTYK CLOUD is the first complete enterprise-class cloud security solution that includes cloud storage and broad protection against all external and internal threats.

HACKNER Security Intelligence

HACKNER Security Intelligence

HACKNER Security Intelligence is an independent security consultancy delivering comprehensive security assessments across IT security, physical security, and social engineering.

Mindaro Insurance

Mindaro Insurance

Mindaro is adding the crucial piece of the cyber security puzzle that protects your organization from the financial ramifications of cyber attacks.

SRG Security Resource Group

SRG Security Resource Group

SRG Security Resource Group is a Canadian company dedicated to providing world-class Physical and Cyber Security services.

Topsec Cloud Solutions

Topsec Cloud Solutions

The Topsec Managed Email Security Platform eliminates Spam, Viruses, Malware, and Phishing.

ECIT

ECIT

ECIT is your preferred provider of finance and IT services. We believe in the value of combining financial and IT services to streamline and improve the operation of your business.

Seal Security

Seal Security

Seal Security revolutionizes software supply chain security operations, empowering organizations to automate and scale their open source vulnerability remediation and patch management.

AuditBoard

AuditBoard

AuditBoard is the leading cloud-based platform transforming audit, risk, ESG, and InfoSec management.

Telenor Cyberdefence

Telenor Cyberdefence

Telenor Cyberdefence is a newly established (2024) cloud-born Managed Security Service Provider focused on the Nordic markets.