Chinese Botnet Deployed To Infect Critical Infrastructure

The Chinese government is using locally made IoT devices to hack US and UK organisations, increasing the threat to critical US infrastructure.

Now, the FBI has issued a warning that China-affiliated cyber actors have compromised over 260,000 internet-connected devices, primarily routers, to form a large botnet. The joint advisory was issued by Five Eyes security agencies in Canada, Australia and New Zealand.

In a related development, the US Justice Department has announced a court-authorised law enforcement operation that has disrupted a botnet consisting of more than 200,000 consumer devices in the United States and worldwide.

“As described in court documents unsealed in the Western District of Pennsylvania, the botnet devices were infected by People’s Republic of China (PRC) state-sponsored hackers working for Integrity Technology Group, a company based in Beijing, and known to the private sector as Flax Typhoon,” says the US Dept. of Justice.

The FBI advisory said that the botnet uses a network of malware-infected bots to give the hackers unauthorised remote access.

The primary targets include small office/home office routers, firewalls, network-attached storage (NAS), and Internet of Things (IoT) devices, such as webcams. The hackers used this botnet for various malicious activities, including Distributed Denial of Service (DDoS) attacks and concealing their identities online.

Since June 2024, the botnet’s most significant presence has been in the US, with about 126,000 compromised devices. Other affected countries include Vietnam with 21,100 devices and Germany with 18,900.

According to the FBI advisory, the botnet is controlled by the Chinese company Integrity Technology Group, which has been active since 2021. The botnet uses IP addresses registered to the China Unicom Beijing Province Network, which manages the botnet and has been linked to intrusion attempts against a number of targets.

These activities are associated with various threat groups, including those known as Flax Typhoon, RedJuliett, and Ethereal Panda.

To date, the FBI has successfully disrupted the malicious actor’s operations by reclaiming thousands of compromised devices. The FBI advises device owners to take preventive measures, including disabling unused services, implementing network segmentation, monitoring for unusual traffic, applying timely updates, replacing default passwords, periodically rebooting devices, and replacing outdated equipment.
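One of the FBI recommendations above is monitoring for unusual traffic. The Python script below is an added example, not part of this article or of the FBI advisory: it reads constructed NetFlow-style records for a home network and flags devices that either fan out to many destinations within a short window (the shape of DDoS participation) or repeatedly connect to one host on a port a consumer router, NAS or camera would not normally use (the shape of a bot checking in). The log format, the thresholds and the EXPECTED_PORTS baseline are assumptions chosen for the example, not values from the advisory.

```python
from collections import defaultdict

# Constructed sample flows (not real traffic). One flow per line:
# "<epoch> <src_ip> <dst_ip> <dst_port> <proto> <bytes>".
# 192.168.1.20 (camera) behaves normally; 192.168.1.1 (router) fans out to
# six hosts in six seconds; 192.168.1.30 (NAS) beacons to one host on 4444.
SAMPLE_FLOWS = """\
1718000000 192.168.1.20 203.0.113.10 443 tcp 5200
1718000030 192.168.1.20 203.0.113.10 443 tcp 4800
1718000060 192.168.1.20 192.168.1.1 53 udp 90
1718000100 192.168.1.1 198.51.100.1 80 tcp 120
1718000101 192.168.1.1 198.51.100.2 80 tcp 120
1718000102 192.168.1.1 198.51.100.3 80 tcp 120
1718000103 192.168.1.1 198.51.100.4 80 tcp 120
1718000104 192.168.1.1 198.51.100.5 80 tcp 120
1718000105 192.168.1.1 198.51.100.6 80 tcp 120
1718000200 192.168.1.30 203.0.113.77 4444 tcp 310
1718000260 192.168.1.30 203.0.113.77 4444 tcp 310
1718000320 192.168.1.30 203.0.113.77 4444 tcp 310
"""

# Assumed baseline: the only ports a consumer router, NAS or camera is
# expected to reach outbound (DNS, HTTP, NTP, HTTPS). Tune per network.
EXPECTED_PORTS = {53, 80, 123, 443}


def parse_flows(text):
    """Parse the constructed flow format into a list of dicts; skip bad lines."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue
        ts, src, dst, dport, proto, nbytes = parts
        try:
            flows.append({"ts": int(ts), "src": src, "dst": dst,
                          "dport": int(dport), "proto": proto,
                          "bytes": int(nbytes)})
        except ValueError:
            continue  # malformed numeric field: ignore rather than abort
    return flows


def find_suspicious(flows, window=60, fanout_min=5, beacon_min=3):
    """Return {src_ip: [reason, ...]} for sources that trip either rule."""
    by_src = defaultdict(list)
    for f in flows:
        by_src[f["src"]].append(f)

    findings = defaultdict(set)
    for src, src_flows in by_src.items():
        src_flows.sort(key=lambda f: f["ts"])

        # Rule 1 (fan-out): at least fanout_min distinct destinations inside
        # some sliding window of `window` seconds. A SOHO device doing this
        # is more likely taking part in a DDoS than serving its owner.
        for i, first in enumerate(src_flows):
            in_window = [g for g in src_flows[i:] if g["ts"] - first["ts"] <= window]
            dsts = {g["dst"] for g in in_window}
            if len(dsts) >= fanout_min:
                findings[src].add("fan-out: %d destinations within %ds" % (len(dsts), window))
                break

        # Rule 2 (beaconing): repeated connections to the same host on a
        # port outside the baseline, a common shape for bot check-ins.
        hits = defaultdict(int)
        for f in src_flows:
            if f["dport"] not in EXPECTED_PORTS:
                hits[(f["dst"], f["dport"])] += 1
        for (dst, port), n in hits.items():
            if n >= beacon_min:
                findings[src].add("beacon-like: %d connections to %s:%d on an unexpected port" % (n, dst, port))

    return {src: sorted(reasons) for src, reasons in findings.items()}


if __name__ == "__main__":
    for src, reasons in find_suspicious(parse_flows(SAMPLE_FLOWS)).items():
        print(src)
        for reason in reasons:
            print("   ", reason)
```

Both rules are deliberately simple thresholds so that a device owner can read them against their own export; on a real network the baseline ports and the window size should come from a few days of known-good traffic, and a hit is a prompt to reboot, patch and change credentials on that device, not proof of compromise.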

US Dept of Justice   |   I-HLS   |   Cybersecoop   |   Axios   |    Cybernews   |    Infosecurity Magazine 


Cyber Security Intelligence: Captured Organised & Accessible
