FBI Disrupts Chinese Botnet Infecting Thousands of US Devices

The agency moves against Beijing-backed hackers who infiltrated tens of thousands of cameras, video recorders, and routers.
A member of the hacking group Red Hacker Alliance, who refused to give his real name, uses a website that monitors global cyberattacks on his computer at their office in Dongguan, Guangdong Province, China, on Aug. 4, 2020. Nicolas Asfouri/AFP via Getty Images
Andrew Thornebrooke

Authorities in the United States disrupted a group of Chinese hackers that infiltrated thousands of devices on behalf of China’s communist regime.

A group of Chinese state-sponsored hackers working for Integrity Technology Group, a company based in Beijing, and known to the private sector as “Flax Typhoon,” used the infected devices to form a botnet to launch additional attacks, the Justice Department said on Sept. 18.

Malware was installed by the Chinese outfit on some 200,000 consumer devices in the United States and elsewhere. Infected devices included cameras, video recorders, and home and office routers.

“The malware connected these thousands of infected devices into a botnet, controlled by Integrity Technology Group, which was used to conduct malicious cyber activity disguised as routine internet traffic from the infected consumer devices,” a statement released by the Justice Department read.

The FBI then engaged in a court-ordered operation to take control of the compromised devices and remotely disable the malware to prevent the hackers from further spying on and stealing data from universities, government agencies, and others.

Speaking at the Aspen Cyber Summit on Sept. 18, FBI Director Christopher Wray said that the government’s malware disabling commands were “extensively tested prior to the operation.”

“This was another successful disruption, but make no mistake—it’s just one round in a much longer fight,” Wray said.

“The Chinese government is going to continue to target your organizations and our critical infrastructure … and we’ll continue to work with our partners to identify their malicious activity, disrupt their hacking campaigns, and bring them to light,” he said.

Still, the hackers launched a counterattack on FBI devices, deploying a distributed denial-of-service (DDoS) campaign that targeted the infrastructure the FBI was using to take control of the devices.

“That attack was ultimately unsuccessful in preventing the FBI’s disruption of the botnet,” the Justice Department stated.

Acknowledgment of the operation comes nine months after Wray disclosed that another campaign had disrupted a Chinese botnet targeting critical infrastructure in the United States.

Wray testified at the time that the CCP’s intrusion into U.S. systems was unique for the extent to which it deliberately targeted civilian systems that would directly pose physical harm to Americans.

He said the malware removed in that operation was designed to disrupt, degrade, and destroy U.S. infrastructure, likely in coordination with direct military actions in the event of a conflict between the United States and China.

It is unclear if the Flax Typhoon malware served a similar purpose.

According to court documents, the Beijing-based Integrity Technology Group built an online application allowing its customers to log in and control infected victim devices with a menu of malicious cyber commands using a tool called “vulnerability-arsenal.”

The online application was prominently labeled “KRLab,” one of the main public brands used by Integrity Technology Group.

Attorney General Merrick Garland said in a statement that the cyber campaign was just one part of communist China’s robust efforts to undermine U.S. national security.

“The Justice Department is zeroing in on the Chinese government-backed hacking groups that target the devices of innocent Americans and pose a serious threat to our national security,” Garland said.

“We will continue to aggressively counter the threat that China’s state-sponsored hacking groups pose to the American people.”

The FBI will advise U.S. owners of devices affected by the operation through their internet service providers.

Andrew Thornebrooke
National Security Correspondent
Andrew Thornebrooke is a national security correspondent for The Epoch Times covering China-related issues with a focus on defense, military affairs, and national security. He holds a master's in military history from Norwich University.