FBI Leads Takedown of Chinese Botnet Impacting 200K Devices

Once a user's device is infected as part of an ongoing Flax Typhoon APT campaign, the malware connects it to a botnet called Raptor Train, initiating malicious activity.

Dark Reading Staff, Dark Reading

September 19, 2024

2 Min Read
A microchip in the shape of the Chinese flag surrounded by a device's internal hardware
Source: Science Photo Library via Alamy Stock Photo

The Justice Department today announced a court-authorized operation to disrupt a botnet affecting 200,000 devices in the United States and abroad.

According to unsealed documents, the botnet, known as Raptor Train, is operated by People's Republic of China (PRC) state-sponsored hackers working for a company based in Beijing. Known publicly as Integrity Technology Group, it is also known as the advanced persistent threat (APT) group Flax Typhoon in the private sector.

A variety of connected and Internet of things (IoT) devices have been affected by the botnet malware, including small-office/home-office (SOHO) routers, Internet protocol cameras, digital video recorders, and network-attached storage (NAS) devices.

According to the Justice Department, the malware connected each of these affected devices to the botnet, which then conducted malicious cyberactivity designed as routine Internet traffic.

Integrity Technology Group, which is responsible for the malicious activities conducted by Flax Typhoon hackers, developed and controlled the botnet. In the past, Flax Typhoon has targeted government agencies, critical manufacturing, and information technology organizations in Taiwan as well as other countries. Not only this, but it has also attacked US and foreign universities, corporations, government organizations, and media organizations, among others. 

Related:With 'TPUXtract,' Attackers Can Steal Orgs' AI Models

"The Justice Department is zeroing in on the Chinese government-backed hacking groups that target the devices of innocent Americans and pose a serious threat to our national security," said US Attorney General Merrick B. Garland. "As we did earlier this year, the Justice Department has again destroyed a botnet used by PRC-backed hackers to infiltrate consumer devices here in the United States and around the world. We will continue to aggressively counter the threat that China's state-sponsored hacking groups pose to the American people."

The takedown was a joint effort between the FBI, the US Attorney's Office for the Western District of Pennsylvania, and the National Security Cyber Section of the Justice Department’s National Security Division, with collaboration of French authorities, Lumen Technologies, and Black Lotus Labs, the group that first identified the botnet.

Should a user believe that their device is compromised, they can contact an FBI field office directly, report online to CISA, or visit the FBI's Internet Crime Complaint Center (IC3).

About the Author

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights