
U.S. authorities thwart another China
2024-09-20 05:45
- U.S. authorities dismantled a botnet operated by the Chinese hacker group Flax Typhoon, freeing hundreds of thousands of infected devices.
- The botnet targeted critical infrastructure and various sectors, with over 200,000 infected devices located in the U.S.
- FBI Director Christopher Wray stated that this disruption is part of a longer fight against ongoing cyber threats from the Chinese government.
Insights
On September 19, U.S. authorities announced the dismantling of a China-backed botnet operated by the hacker group Flax Typhoon. This operation freed hundreds of thousands of infected devices, including routers and cameras, which had been compromised to exfiltrate confidential data. The botnet targeted critical infrastructure and various sectors, including public and private entities, as well as academia and media. The Justice Department revealed that over 200,000 of the infected devices were located in the United States, allowing hackers to conduct malicious activities disguised as normal internet traffic.

The operation was executed through a court-authorized law enforcement initiative, which successfully took control of the malicious infrastructure. During the takedown, Chinese hackers attempted to intervene but were unsuccessful. Flax Typhoon was identified as operating under the guise of a legitimate company, Integrity Technology Group, based in Beijing, which had developed an online application for controlling infected devices.

FBI Director Christopher Wray emphasized that this disruption is part of an ongoing battle against cyber threats from the Chinese government, which continues to target U.S. organizations and critical infrastructure. He noted that the group had been active since mid-2021 and had caused significant harm to its victims, including financial losses and operational disruptions.

This incident follows a similar disruption in January, where U.S. authorities dismantled another China-backed malware botnet known as Volt Typhoon. The ongoing efforts highlight the persistent threat posed by state-sponsored hacking groups and the need for continued vigilance and collaboration among U.S. authorities and their partners.
Contexts
On Wednesday, a 10-year-old student was attacked and stabbed near the Shenzhen Japanese School in southern China, prompting warnings from the Japanese Embassy for citizens to remain vigilant. The motive for the attack remains unknown, and the attacker was arrested at the scene. This incident occurs amid rising tensions between the U.S. and China, with Deputy Secretary of State Kurt Campbell identifying China as the top challenge to the U.S. He has called for increased investment in advanced technology and urged European allies to adopt a firmer stance on China, particularly regarding its ties with Russia during the ongoing Ukraine conflict. Additionally, the U.S. has recently blacklisted a network facilitating financial transactions between Russia and North Korea, highlighting the growing financial cooperation between these nations. This move reflects the broader geopolitical dynamics affecting U.S.-China relations. Moreover, the FBI's disruption of a Chinese hacking group targeting U.S. critical infrastructure underscores ongoing cybersecurity threats from China. These multifaceted tensions contribute to a complex landscape in U.S.-China relations, which may have significant implications for safety and security in the region.