Chinese Botnet Deployed To Infect Critical Infrastructure

Chinese state-linked actors are using a botnet of compromised consumer and IoT devices to attack US and UK organisations, increasing the threat to US critical infrastructure.

Now the FBI has issued a warning about China-affiliated cyber actors who have compromised over 260,000 internet-connected devices, primarily routers, to form a large botnet. The joint advisory was issued together with Five Eyes partner agencies in Canada, Australia and New Zealand.

In a related development, the US Justice Department has announced a court-authorised law enforcement operation that has disrupted a botnet consisting of more than 200,000 consumer devices in the United States and worldwide.

“As described in court documents unsealed in the Western District of Pennsylvania, the botnet devices were infected by People’s Republic of China (PRC) state-sponsored hackers working for Integrity Technology Group, a company based in Beijing, and known to the private sector as Flax Typhoon,” says the US Dept. of Justice.

The FBI advisory says the botnet is a network of devices infected with malware that gives the hackers unauthorised remote access to them.

The primary targets are small office/home office (SOHO) routers, firewalls, network-attached storage (NAS) and Internet of Things (IoT) devices such as webcams. The hackers have used the botnet for a range of malicious activity, including Distributed Denial of Service (DDoS) attacks and concealing their identities online.

As of June 2024, the largest share of the botnet was in the US, with about 126,000 compromised devices. Other affected countries include Vietnam, with 21,100 devices, and Germany, with 18,900.

According to the FBI advisory, the botnet is controlled by the Chinese company Integrity Technology Group and has been active since 2021. The company has used IP addresses registered to the China Unicom Beijing Province Network to control and manage the botnet, and the same addresses have been linked to intrusion attempts against a number of targets.

These activities are associated with various threat groups, including those known as Flax Typhoon, RedJuliett, and Ethereal Panda.

To date, the FBI has disrupted the actors’ operations by reclaiming thousands of compromised devices from the botnet. The FBI advises device owners to take preventive measures: disable unused services, segment the network, monitor for unusual traffic, apply updates promptly, replace default passwords, reboot devices periodically, and replace equipment that no longer receives updates.
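The "monitor for unusual traffic" item in that list is the one most owners have no tooling for. The script below is an added example, not code from the FBI advisory or from any of the sources cited here: it reads a simple outbound flow log for the home or small-office network, compares each IoT device against an allowlist of the destinations it is expected to talk to, and separately flags a device that hammers a single destination within a short window, which is what a DDoS bot or a fast beacon looks like from inside the network. The device addresses, the allowlist and the log lines are all constructed for the example (documentation ranges only), and the log format is a hypothetical one: timestamp, source, destination, destination port, bytes.

```python
"""Flag unusual outbound traffic from SOHO/IoT devices in a simple flow log.

Added example for this article; the log format, device addresses and
allowlist are constructed assumptions, not data from the advisory.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Flow:
    ts: datetime
    src: str
    dst: str
    dport: int
    nbytes: int


def parse_flows(text):
    """Parse 'ts src dst dport bytes' lines into Flow records, sorted by time."""
    flows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, dport, nbytes = line.split()
        flows.append(Flow(datetime.fromisoformat(ts), src, dst, int(dport), int(nbytes)))
    return sorted(flows, key=lambda f: f.ts)


# Constructed allowlist (hypothetical devices): which (destination, port)
# each device is expected to reach. A NAS syncs to its vendor cloud, the
# router talks to NTP, the webcam talks only to its vendor cloud.
EXPECTED = {
    "192.168.1.20": {("203.0.113.10", 443)},
    "192.168.1.30": {("198.51.100.7", 123)},
    "192.168.1.40": {("203.0.113.50", 443)},
}


def unexpected_destinations(flows, expected):
    """Return (src, dst, dport) triples not covered by the device's allowlist."""
    seen, findings = set(), []
    for f in flows:
        key = (f.src, f.dst, f.dport)
        if key in seen:
            continue
        if (f.dst, f.dport) not in expected.get(f.src, set()):
            seen.add(key)
            findings.append(key)
    return findings


def traffic_bursts(flows, window_s=60, threshold=50):
    """Return (src, dst, dport, peak) where one device opened at least
    `threshold` flows to one destination inside any `window_s` second window."""
    by_pair = defaultdict(list)
    for f in flows:
        by_pair[(f.src, f.dst, f.dport)].append(f.ts)
    findings = []
    for key, stamps in by_pair.items():
        stamps.sort()
        i, peak = 0, 0
        for j, t in enumerate(stamps):          # sliding window over timestamps
            while (t - stamps[i]).total_seconds() > window_s:
                i += 1
            peak = max(peak, j - i + 1)
        if peak >= threshold:
            findings.append((*key, peak))
    return findings


def analyse(text, expected=EXPECTED):
    flows = parse_flows(text)
    return {
        "unexpected": unexpected_destinations(flows, expected),
        "bursts": traffic_bursts(flows),
    }


# Constructed sample log: normal NAS/router/webcam traffic, a NAS talking to
# an unexpected host on 6667, and a webcam firing one flow per second at a
# single web server for 90 seconds (DDoS-like volume).
_BASE = """\
2024-09-18T10:00:01 192.168.1.20 203.0.113.10 443 1200
2024-09-18T10:00:02 192.168.1.20 203.0.113.10 443 900
2024-09-18T10:00:05 192.168.1.30 198.51.100.7 123 76
2024-09-18T10:00:10 192.168.1.20 192.0.2.55 6667 310
2024-09-18T10:00:41 192.168.1.20 192.0.2.55 6667 310
2024-09-18T10:00:45 192.168.1.40 203.0.113.50 443 2048
"""
_START = datetime(2024, 9, 18, 10, 1, 0)
_BURST = "\n".join(
    f"{(_START + timedelta(seconds=i)).isoformat()} 192.168.1.40 198.51.100.200 80 60"
    for i in range(90)
)
SAMPLE_LOG = _BASE + _BURST + "\n"

if __name__ == "__main__":
    for kind, items in analyse(SAMPLE_LOG).items():
        for item in items:
            print(kind, *item)
```

On the constructed log this reports the NAS reaching 192.0.2.55:6667 and the webcam reaching 198.51.100.200:80 as unexpected destinations, and the webcam's 61 flows per minute as a burst. The allowlist is the part that takes effort to maintain; a practical shortcut is to record a week of flows after a factory reset and firmware update, treat that as the baseline, and alert on anything new.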

US Dept of Justice   |   I-HLS   |   Cybersecoop   |   Axios   |    Cybernews   |    Infosecurity Magazine 
