China-state IoT botnet went undetected for four years–until now
The FBI dismantled the Raptor Train botnet, linked to Chinese hackers, involving over 260,000 devices. It targeted government agencies and critical infrastructure, evading detection through reputable IP addresses.
The FBI has dismantled a significant botnet named Raptor Train, which was operated by Chinese state-sponsored hackers for four years. This botnet primarily comprised small office and home office devices, including routers and surveillance cameras, with over 260,000 devices involved globally. At its peak in June 2023, Raptor Train had more than 60,000 compromised devices, making it the largest known botnet linked to the Chinese state. The hackers, associated with a group called Volt Typhoon, exploited the botnet to target various entities, including government agencies and defense contractors in the U.S. and Taiwan. The botnet's structure allowed it to evade detection by appearing to originate from reputable IP addresses. The FBI, along with the Cyber National Mission Force and the NSA, identified the China-based Integrity Technology Group as the controlling entity of Raptor Train, which utilized state-controlled IP addresses for its operations. FBI Director Christopher Wray highlighted the botnet's impact on critical infrastructure and the significant resources victims had to expend to mitigate the damage caused by these cyberattacks.
- The FBI dismantled the Raptor Train botnet linked to Chinese state-sponsored hackers.
- The botnet included over 260,000 compromised devices, primarily in North America and Europe.
- Raptor Train was used to target government agencies and critical infrastructure.
- The botnet's structure allowed it to evade detection by using reputable IP addresses.
- Integrity Technology Group was identified as the controlling entity of the botnet.
Related
China's APT40 gang can attack new vulnerabilities within hours
China's APT40, or Kryptonite Panda, a state-sponsored cyber group, exploits vulnerabilities rapidly. It targets organizations, using end-of-life devices and malware for data theft. Mitigation strategies are advised, but APT40's persistent attacks remain a global cybersecurity concern.
US officials announce the takedown of an AI-powered Russian bot farm
US officials and allies dismantle a Russian AI-powered bot farm with 1,000 fake accounts spreading disinformation on social media. The operation linked to RT's digital media department highlights challenges in countering AI-driven propaganda.
China-linked cyber-spies infect Russian govt, IT sector
Chinese cyber-spies compromised Russian government and IT systems using malware, including GrewApacha and CloudSorcerer, through phishing emails and cloud services, indicating collaboration among state-sponsored hacking groups.
New 0-Day Attacks Linked to China's 'Volt Typhoon'
Malicious hackers linked to China's Volt Typhoon group are exploiting a zero-day vulnerability in Versa Director, urging customers to update systems to prevent potential disruptions to critical U.S. infrastructure.
FBI joint operation takes down Chinese botnet
The FBI dismantled the Flax Typhoon botnet, linked to Chinese state-sponsored cyber activities, targeting critical infrastructure and thousands of devices, while enhancing defenses against foreign cyber threats.