SoylentNews is people

FBI Shuts Down Botnet Run by Beijing-Backed Hackers That Hijacked Over 200,000 Devices

Accepted submission by fliptop at 2024-09-20 02:05:04 from the bad-IoT dept.
Security

"The government’s malware disabling commands, which interacted with the malware’s native functionality, were extensively tested prior to the operation," according to the DOJ [gizmodo.com]:

U.S. authorities have dismantled a massive botnet run by hackers backed by the Chinese government, according to a speech given by FBI director Christopher Wray on Wednesday. The botnet malware infected a number of different types of internet-connected devices around the world, including home routers, cameras, digital video recorders, and NAS drives. Those devices were used to help infiltrate sensitive networks related to universities, government agencies, telecommunications providers, and media organizations.

Wray explained the operation at the Aspen Digital [youtube.com] conference and said the hackers work for a Beijing-based company called Integrity Technology Group, which is known to U.S. researchers as Flax Typhoon. The botnet was launched in mid-2021, according to the FBI, and infected roughly 260,000 devices as of June 2024.

The operation to dismantle the botnet was coordinated by the FBI, the NSA, and the Cyber National Mission Force (CNMF), according to a press release dated Wednesday [ic3.gov]. The U.S. Department of Justice received a court order to take control of the botnet infrastructure by sending disabling commands to the malware on infected devices. The hackers tried to counterattack by hitting FBI infrastructure but were “ultimately unsuccessful,” according to the law enforcement agency.

About half of the devices hijacked were in the U.S., according to Wray, but there were also devices identified as compromised in South America, Europe, Africa, Southeast Asia, and Australia. And the DOJ noted in a press release that authorities in Australia, Canada, New Zealand, and the UK all helped take down the botnet.

Originally spotted on Schneier on Security [schneier.com].

Related: Chinese Malware Removed From SOHO Routers After FBI Issues Covert Commands [soylentnews.org]

