
Botnet under Chinese state control taken over by FBI

The US Federal Bureau of Investigation (FBI) has taken control of a botnet consisting of hundreds of thousands of internet-enabled devices such as cameras, video recorders, storage devices and routers. This botnet was operated by a Chinese hacker group.

Operation by Flax Typhoon

The group, known as Flax Typhoon, targeted critical infrastructure in the US and other countries. Speaking at the Aspen Cyber Summit, a cybersecurity conference, FBI Director Christopher Wray said the group targeted “corporations, media organizations, universities and government agencies.” “Working with our partners, we conducted court-authorized operations to take over the botnet’s infrastructure,” the FBI director continued.

After authorities achieved this, the FBI was able to remove the malware from the affected devices. When the hackers realized their operation was being disrupted, they attempted to move their bots to new servers and launched a DDoS attack against the FBI.

In a joint statement, the FBI, the Cyber National Mission Force and the NSA stated that the botnet of 260,000 compromised devices was ultimately controlled by the Chinese government. According to investigators’ findings, the hacker group had close ties to government agencies.

Mirai again

The botnet used a modified version of Mirai, a notorious malware first released in 2016 after it was used to launch some of the most powerful DDoS attacks of the time. The Flax Typhoon operation targeted a wide range of internet-connected devices and included a database of over 1.2 million compromised devices, of which more than 385,000 are clearly located in the United States.

Microsoft had already warned about Flax Typhoon in a report earlier this year, pointing to the group’s attacks against “dozens of organizations” in Taiwan, including government agencies, educational institutions, and manufacturing and information technology companies.

Security service provider ESET confirmed in a report on Wednesday that Flax Typhoon compromised Microsoft Exchange servers in Taiwan and attacked various targets, including government agencies, consulting firms, and electronics companies.
