Washington — The United States has once again taken a strong stance against cyber threats, this time targeting a botnet campaign by China-directed hackers. The operation, known as Flax Typhoon, was identified and disrupted by the FBI, with the help of allies and under court orders.
FBI Director Christopher Wray announced the successful takedown of Flax Typhoon during a cyber summit in Washington on Wednesday. He described it as part of a larger campaign by Beijing to infiltrate American infrastructure and gather sensitive information from a variety of internet-connected devices.
According to Wray, Flax Typhoon targeted Internet-of-Things (IoT) devices such as cameras, video recorders, and storage devices, which are commonly used in both big and small organizations. Shockingly, about half of the hijacked devices were located in the United States.
The hackers, operating under the guise of an information security company called the Integrity Technology Group, were able to collect information from corporations, media organizations, universities, and government agencies. They used these devices to create a botnet, a network of compromised devices that can be controlled remotely, to infiltrate systems and steal confidential data.
However, the FBI was able to disrupt Flax Typhoon’s operations last week by taking control of the botnet and pursuing the hackers when they attempted to switch to a backup system. Wray believes that the hackers finally realized they were up against the FBI and its partners, leading them to abandon their botnet and destroy their infrastructure.
This operation is a significant blow to the hackers, as it appears to have been built on the exploits and tactics of another China-linked hacking group known as Volt Typhoon. This group was identified by Microsoft in May of last year and was responsible for using office network equipment to infiltrate and disrupt communications infrastructure in Guam, home to key U.S. military facilities.
The Chinese Embassy in Washington has rejected the U.S. accusations, stating that there is no valid evidence to support them. Embassy spokesperson Liu Pengyu told VOA in an email that the U.S. has jumped to an unwarranted conclusion and made groundless accusations. Liu also added that the U.S. is the origin and biggest perpetrator of cyberattacks and urged them to stop their worldwide cyber espionage and attacks.
The FBI and the U.S. Cybersecurity and Infrastructure Security Agency have previously warned about China-directed hackers positioning themselves to launch destructive cyberattacks that could jeopardize the physical safety of Americans. This latest operation by the FBI serves as a strong message to these hackers that their actions will not be tolerated.
In response to the announcement by the FBI, the U.S. National Security Agency (NSA) has issued an advisory encouraging anyone with a device that was compromised by Flax Typhoon to apply necessary patches. The NSA also revealed that as of June this year, the botnet was using over 260,000 devices in North America, Europe, Africa, and Southeast Asia. Almost half of these devices were located in the U.S., with 18 other countries also impacted, including Vietnam, Bangladesh, Albania, China, South Africa, and India.
This successful takedown of Flax Typhoon highlights the importance of cybersecurity and the need for individuals and organizations to take necessary precautions to protect their devices and networks. It also serves as a reminder that cyber threats are a global issue and require cooperation and collaboration between countries to combat them effectively.
The U.S. government has once again shown its commitment to protecting its citizens and infrastructure from cyber threats. This operation serves as a warning to other countries and hackers that the U.S. will not hesitate to take action against those who attempt to harm its interests.
In conclusion, the disruption of Flax Typhoon by the FBI is a significant achievement in the fight against cyber threats. It sends a strong message to China-directed hackers and serves as a reminder of the importance of cybersecurity in today’s digital world. The U.S. government’s swift and decisive action in this operation should be commended, and it is a testament to their dedication to keeping Americans safe.