Chinese Hackers Failed To Defeat FBI Botnet Takedown

FBI disrupts Chinese ‘state-sponsored’ hackers ‘Flax Typhoon’, who tried to resist takedown of 260,000-device botnet

State-sponsored hackers linked to the People’s Republic of China (PRC) tried to fight back against the FBI’s takedown of their 260,000-device botnet.

The US Justice Department announced a “court-authorised law enforcement operation that disrupted a botnet consisting of more than 200,000 consumer devices in the United States and worldwide.”

The FBI said that the botnet devices were infected by “PRC state-sponsored hackers working for Integrity Technology Group, a company based in Beijing, and known to the private sector as ‘Flax Typhoon.’”


Flax Typhoon

The FBI said the botnet malware had infected numerous types of consumer devices, including small-office/home-office (SOHO) routers, internet protocol (IP) cameras, digital video recorders (DVRs), and network-attached storage (NAS) devices.

The malware connected these infected devices into a botnet, controlled by Integrity Technology Group, which was used to conduct malicious cyber activity disguised as routine internet traffic from the infected consumer devices.

The FBI took control of the hackers’ computer infrastructure and sent disabling commands through that infrastructure to the malware on the infected devices.

However, during the course of this operation, the Chinese hackers attempted to interfere via a distributed denial-of-service (DDoS) attack targeting the operational infrastructure that the FBI was utilising in the takedown.

That attack was ultimately unsuccessful in preventing the FBI’s disruption of the botnet.

“The Justice Department is zeroing in on the Chinese government backed hacking groups that target the devices of innocent Americans and pose a serious threat to our national security,” said Attorney General Merrick B. Garland.

“As we did earlier this year, the Justice Department has again destroyed a botnet used by PRC-backed hackers to infiltrate consumer devices here in the United States and around the world,” said Garland. “We will continue to aggressively counter the threat that China’s state-sponsored hacking groups pose to the American people.”

State-sponsored hackers

The FBI assessed that Integrity Technology Group, in addition to developing and controlling the botnet, is responsible for computer intrusion activities attributed to China-based hackers known by the private sector as “Flax Typhoon.”

Microsoft Threat Intelligence described Flax Typhoon as nation-state actors based in China, active since 2021, who have targeted government agencies and education, critical manufacturing, and information technology organisations in Taiwan and elsewhere.

Meanwhile a cybersecurity advisory describing Integrity Technology Group tactics, techniques and procedures was also published by the FBI and ‘Five Eyes’ partner agencies in Australia, Canada, New Zealand and the United Kingdom.

According to Reuters, the Chinese Embassy in Washington accused US authorities of having “jumped to an unwarranted conclusion and made groundless accusations against China,” claiming that Beijing cracks down on “all forms of cyberattacks.”

The US government had launched an operation late last year to fight a Chinese state-sponsored hacking network aimed at disrupting US military communications and US critical infrastructure.

That US operation targeted a botnet set up by a group known as Volt Typhoon, which first came to light in May 2023.