Chinese Hackers Build Massive Botnet Targeting US Devices

Global Botnet's Victims Are in United States, Germany, Romania and Hong Kong
The FBI urged network defenders to implement proper segmentation and monitor for high-volume traffic. (Image: Shutterstock)

FBI Director Christopher Wray said Wednesday the bureau seized control of a Chinese-developed botnet that maintained access to thousands of compromised devices across the globe as part of an effort to launch widespread disruptive cyberattacks.

Wray during a speech at the Aspen Cyber Summit in Washington described the bureau's actions as "one round in a much longer fight" and added, "The Chinese government is going to continue to target your organizations and our critical infrastructure."

A joint cybersecurity advisory issued the same day warned that Chinese threat actors compromised thousands of internet-connected devices worldwide while aiming to develop a botnet capable of carrying out destructive attacks across a vast range of sectors. The FBI, the National Security Agency and the Cyber Mission Force found that the botnet "has regularly maintained between tens to hundreds of thousands of compromised devices" and consisted of more than 260,000 devices as of June 2024, according to the advisory.

The agencies said compromised internet-connected devices included internet of things and home office products such as small office routers, firewalls, routers, webcams and IP cameras.

The advisory said a PRC-linked company called Integrity Technology Group was behind the botnet and used China Unicom Beijing Province network IP addresses to conduct computer intrusions targeting U.S. victims. The botnet is a version of Mirai designed to attack Linux-based operating systems and gain unauthorized control of routers, cameras and other DVRs.

The U.S. appeared to be the primary target, with an estimated 126,000 compromised devices, according to the advisory - nearly half of the entire botnet. Other victim countries include Vietnam, Germany, Romania and Hong Kong.

The FBI urged network defenders to disable unused services and ports, implement network segmentation and replace default passwords with strong passwords. The advisory also recommends monitoring the network for high traffic volumes.

NSA Cybersecurity Director Dave Luber in a statement said the botnet "incorporates thousands of U.S. devices with victims in a range of sectors." The advisory also warns that activity associated with the botnet appears to be consistent with tactics used by the cyberthreat group known as Flax Typhoon, Red Juliett and Ethereal Panda.

In June, cybersecurity researchers found the Chinese state-sponsored group responsible for using the open-source VPN client SoftEther to target infrastructure in Taiwan and other victim countries around the world (see: Chinese Hackers Caught Spying on Taiwanese Firms). The group reportedly compromised at least 24 organizations across Taiwan between November 2023 and April 2024, including a waste and pollution treatment company, four software companies and a facial recognition firm, among other victims.

Cyber agencies around the world - including the United Kingdom's National Cyber Security Center and offices in Canada, Australia and New Zealand - on Wednesday shared similar advisories about the botnet.


About the Author

Chris Riotta

Managing Editor, GovInfoSecurity

Riotta is a journalist based in Washington, D.C. He earned his master's degree from the Columbia University Graduate School of Journalism, where he served as 2021 class president. His reporting has appeared in NBC News, Nextgov/FCW, Newsweek Magazine, The Independent and more.



