FBI Shuts Down Botnet Run by Beijing-Backed Hackers That Hijacked Over 200,000 Devices

"The government’s malware disabling commands, which interacted with the malware’s native functionality, were extensively tested prior to the operation," according to the DOJ.

U.S. authorities have dismantled a massive botnet run by hackers backed by the Chinese government, according to a speech given by FBI director Christopher Wray on Wednesday. The botnet malware infected a number of different types of internet-connected devices around the world, including home routers, cameras, digital video recorders, and NAS drives. Those devices were used to help infiltrate sensitive networks related to universities, government agencies, telecommunications providers, and media organizations.

Wray explained the operation at the Aspen Digital conference and said the hackers work for a Beijing-based company called Integrity Technology Group, which is known to U.S. researchers as Flax Typhoon. The botnet was launched in mid-2021, according to the FBI, and infected roughly 260,000 devices as of June 2024.

The operation to dismantle the botnet was coordinated by the FBI, the NSA, and the Cyber National Mission Force (CNMF), according to a press release dated Wednesday. The U.S. Department of Justice received a court order to take control of the botnet infrastructure by sending disabling commands to the malware on infected devices. The hackers tried to counterattack by hitting FBI infrastructure but were “ultimately unsuccessful,” according to the law enforcement agency.

About half of the devices hijacked were in the U.S., according to Wray, but there were also devices identified as compromised in South America, Europe, Africa, Southeast Asia, and Australia. And the DOJ noted in a press release that authorities in Australia, Canada, New Zealand, and the UK all helped take down the botnet.

Wray stressed that private industry working with the FBI could help those companies save money, claiming that firms saved about $800 million in ransomware payments in just two years by working with the agency after getting hacked.

The DOJ press release said that the operation to take down the botnet “did not affect the legitimate functions of, or collect content information from, the infected devices.” The FBI said it would contact the ISPs of anyone whose devices were used in the botnet operation. The ISPs are the ones expected to notify the end users about both the compromise by the hackers and the FBI’s own intrusion into their devices; the DOJ was quick to note that the latter was done only under a court order.

“The Justice Department is zeroing in on the Chinese government backed hacking groups that target the devices of innocent Americans and pose a serious threat to our national security,” Attorney General Merrick Garland said in a statement on Wednesday.

“As we did earlier this year, the Justice Department has again destroyed a botnet used by PRC-backed hackers to infiltrate consumer devices here in the United States and around the world,” Garland continued, using the acronym for the People’s Republic of China. “We will continue to aggressively counter the threat that China’s state-sponsored hacking groups pose to the American people.”
