Chinese Hackers Build Massive Botnet Targeting US Devices
Global Botnet's Victims Are in United States, Germany, Romania and Hong Kong

FBI Director Christopher Wray said Wednesday the bureau seized control of a Chinese-developed botnet that maintained access to thousands of compromised devices across the globe as part of an effort to launch widespread disruptive cyberattacks.
Wray, speaking at the Aspen Cyber Summit in Washington, described the bureau's actions as "one round in a much longer fight" and added, "The Chinese government is going to continue to target your organizations and our critical infrastructure."
A joint cybersecurity advisory issued the same day warned that Chinese threat actors compromised thousands of internet-connected devices worldwide while aiming to develop a botnet capable of carrying out destructive attacks across a vast range of sectors. The FBI, the National Security Agency and the Cyber Mission Force found that the botnet "has regularly maintained between tens to hundreds of thousands of compromised devices" and consisted of more than 260,000 devices as of June 2024, according to the advisory.
The agencies said the compromised internet-connected devices included internet of things and small office/home office products such as routers, firewalls, webcams and IP cameras.
The advisory said a PRC-linked company called Integrity Technology Group was behind the botnet and used China Unicom Beijing Province network IP addresses to conduct computer intrusions targeting U.S. victims. The botnet is a version of Mirai, malware designed to attack Linux-based operating systems and gain unauthorized control of routers, cameras and DVRs.
The U.S. appeared to be the primary target, with an estimated 126,000 compromised devices, according to the advisory - nearly half of the entire botnet. Other victim countries include Vietnam, Germany, Romania and Hong Kong.
The FBI urged network defenders to disable unused services and ports, implement network segmentation and replace default passwords with strong passwords. The advisory also recommends monitoring the network for high traffic volumes.
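The last of those recommendations, watching for high traffic volumes, is the one most directly useful for spotting a Mirai-style IoT node that has begun emitting attack traffic. The following is an added example, not code from the advisory or this article: it baselines each device's daily outbound bytes from constructed flow records and flags devices whose current volume is far above their own history. Device names, byte counts and the threshold values are assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample flow summaries (not from the advisory): (device, day, outbound_bytes)
FLOWS = [
    ("cam-01", 1, 1_200_000), ("cam-01", 2, 1_100_000), ("cam-01", 3, 1_300_000),
    ("cam-01", 4, 1_250_000), ("cam-01", 5, 48_000_000),   # sudden outbound surge
    ("rtr-01", 1, 9_000_000), ("rtr-01", 2, 9_500_000), ("rtr-01", 3, 8_800_000),
    ("rtr-01", 4, 9_200_000), ("rtr-01", 5, 9_400_000),    # steady, within baseline
]


def build_baselines(flows, current_day, min_days=3):
    """Per-device mean and population std-dev of outbound bytes over days
    before current_day. Devices with too little history get no baseline."""
    history = defaultdict(list)
    for device, day, out_bytes in flows:
        if day < current_day:
            history[device].append(out_bytes)
    return {d: (mean(v), pstdev(v)) for d, v in history.items() if len(v) >= min_days}


def flag_high_volume(flows, current_day, ratio=5.0, sigmas=3.0):
    """Return {device: multiple_of_baseline} for devices whose outbound volume
    on current_day is both at least `ratio` times its baseline mean and more
    than `sigmas` standard deviations above it. Requiring both conditions
    avoids flagging noisy-but-low-volume devices on small absolute changes."""
    baselines = build_baselines(flows, current_day)
    flagged = {}
    for device, day, out_bytes in flows:
        if day != current_day or device not in baselines:
            continue
        mu, sigma = baselines[device]
        if out_bytes >= ratio * mu and out_bytes > mu + sigmas * sigma:
            flagged[device] = round(out_bytes / mu, 1)
    return flagged


if __name__ == "__main__":
    for device, multiple in flag_high_volume(FLOWS, current_day=5).items():
        print(f"{device}: outbound volume is {multiple}x its baseline, investigate")
```

A real deployment would feed the same function from NetFlow or firewall byte counters and would treat a flagged camera or router as a candidate for isolation and credential reset rather than as a confirmed infection.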
NSA Cybersecurity Director Dave Luber in a statement said the botnet "incorporates thousands of U.S. devices with victims in a range of sectors." The advisory also warns that activity associated with the botnet appears to be consistent with tactics used by the cyberthreat group known variously as Flax Typhoon, Red Juliett and Ethereal Panda.
In June, cybersecurity researchers found the Chinese state-sponsored group responsible for the botnet using the open-source VPN client SoftEther to target infrastructure in Taiwan and other victim countries around the world (see: Chinese Hackers Caught Spying on Taiwanese Firms). The group reportedly compromised at least 24 organizations across Taiwan between November 2023 and April 2024, including a waste and pollution treatment company, four software companies and a facial recognition firm, among other victims.
Cyber agencies around the world - including the United Kingdom's National Cyber Security Centre and counterpart agencies in Canada, Australia and New Zealand - on Wednesday shared similar advisories about the botnet.