09/26/2024 / By Belle Carter
Federal Bureau of Investigation (FBI) Director Christopher Wray recently said that the agency has disrupted a major hacking group nicknamed “Flax Typhoon,” an allegedly China-backed cybercrime group that threatened to hold more expansive power over key infrastructure in the United States.
The said hacking campaign, also known as Ethereal Panda and Red Juliett, has so far infected home routers, firewalls, storage devices and Internet of Things devices like cameras and video recorders. As of June, its botnet included more than 260,000 malware-infected devices across North America, South America, Europe, Africa, Southeast Asia and Australia, according to a U.S. government advisory.
Wray said at a cybersecurity conference in Washington that Flax Typhoon was being run by a Chinese company called the Integrity Technology Group, which “collected intelligence and performed reconnaissance for Chinese government security agencies.”
The director also said the operation against Flax Typhoon took place earlier this month. He noted that Flax Typhoon was targeting not only critical infrastructure but also corporations, media organizations, universities and government agencies.
Reuters reported that the hacking campaign routed their malicious traffic through something called “a botnet,” a network of hijacked devices that in this case included cameras and digital storage devices. When the FBI tried to take control of the botnet’s infrastructure, the hackers responded with a cyberattack before abandoning the fight.
“When the bad guys realized what was happening, they tried to migrate their bots to new servers, and even conducted a DDoS [distributed denial of service] attack against us,” Wray said. “Working with our partners, we were able to not only mitigate their attack but also identify their new infrastructure in just a matter of hours.”
“At that point, as we began pivoting to their new servers, these guys finally realized it was the FBI and our partners that we were up against. And with that realization, they essentially burned down their new infrastructure and abandoned their salvation efforts.”
Meanwhile, the Chinese Embassy in Washington accused U.S. authorities of having “jumped to an unwarranted conclusion and made groundless accusations against China,” claiming that Beijing cracks down on “all forms of cyberattacks.”
This is not the first encounter of the U.S. with a Chinese-backed hacking group. Earlier this year, the country’s top cybersecurity officials warned Congress about a similar cybercrime group known as “Volt Typhoon,” and shared that they had taken down that hacking group’s network of infected devices. In May 2023, Volt Typhoon accessed several major critical infrastructure organizations, including a West Coast port, a utility in Hawaii and at least one oil and gas pipeline.
Earlier this year, a report by U.S. and allied security agencies indicated that Chinese hackers trying to infiltrate transportation hubs and other critical American infrastructure have had access to some of their targets’ computer networks for “at least five years” now. (Related: White House official: China maintained PERSISTENT ACCESS to U.S. networks for years.)
According to the nearly 50-page report, the Chinese hackers’ activity began much earlier than previously known, with the hackers scoping and accessing IT systems years ago. From there, they have spent months looking for ways to maneuver onto more sensitive industrial systems that help control power flow and water.
Back then, the spokesperson for the Chinese Embassy in Washington Liu Pengyu denied the U.S. hacking allegations and accused Washington of conducting its own cyberattacks.
Meanwhile, Chinese-operated hacking campaigns continue. In August, cybersecurity experts said massive efforts by the U.S. to curb the attacks haven’t made a dent, particularly on the Volt Typhoon.
“Volt Typhoon is active to this day,” Sherrod DeGrippo, director of threat intelligence strategy at the tech giant Microsoft, said on the sidelines of the BlackHat conference. “Have they stopped? Absolutely not. Will they stop? Doubt it.”
“Generally, there has not been a change in the targeting at all,” DeGrippo added. “I would say we’re about the same volume, but what the story is there to me … is actually the consistency and the persistence. We don’t see big changes there.”
Alex Stamos, chief information security officer of cyber group SentinelOne and former chief security officer at Meta, agreed with the statement and noted that the Biden administration’s efforts have not made any difference in stopping China from its efforts.
“The fact that it does not deter them does scare me,” Stamos lamented.
Check out CyberWar.news to read more stories similar to this.
Watch the video below where Chinese President Xi Jinping commits to a “stable relationship” with the United States.
This video is from the TrendingNews channel on Brighteon.com.
Leaked documents reveal China’s hacking abilities and potential targets.
Sources include:
Tagged Under:
China, Christopher Wray, communist China, cyber war, cyberattacks, espionage, FBI, Flax Typhoon, Glitch, hackers, hacking campaign, hijacking devices, Internet of Things, malware, privacy watch, surveillance, U.S. infrastructure, Volt Typhoon
This article may contain statements that reflect the opinion of the author
COPYRIGHT © 2017 CYBER WAR NEWS