FBI boss says China 'burned down' 260k-device botnet when confronted by Feds
FBI Director Christopher Wray announced the dismantling of a Chinese-backed botnet used for espionage after FBI intervention. The agency has also aided ransomware victims and is pursuing an international treaty against ransom payments.
FBI Director Christopher Wray reported that a Chinese-backed group, Flax Typhoon, dismantled its 260,000-device botnet after the FBI intervened. The botnet, controlled by Integrity Technology Group, was used for espionage, particularly targeting U.S. critical infrastructure and Taiwanese networks. The FBI's Cyber National Mission Force, along with the NSA, took control of the botnet's command servers, prompting the Chinese operatives to launch a DDoS attack in an attempt to regain control. Ultimately, they abandoned their infrastructure upon realizing the FBI's involvement. The botnet utilized customized Mirai malware to exploit vulnerabilities in internet-connected devices.
Wray also highlighted the FBI's efforts in combating ransomware, noting that the agency has assisted nearly 1,000 organizations in recovering data, saving them over $800 million. He mentioned a case where the FBI helped negotiate a ransom payment down from $450,000 to $50,000 for a cancer treatment center affected by ransomware, marking a shift in the FBI's approach to negotiating with cybercriminals. The White House is pursuing an international treaty to discourage government payments to ransomware attackers.
- Chinese spies dismantled a large botnet after FBI intervention.
- The botnet was used for espionage against U.S. critical infrastructure.
- FBI has helped recover data for nearly 1,000 organizations from ransomware attacks.
- The agency is now involved in negotiating ransom payments for victims.
- The White House is seeking an international treaty against paying cyber ransoms.
Related
Justice Department Disrupts Covert Russian Government-Operated AI Bot Farm
The Justice Department disrupted a Russian social media bot farm spreading disinformation globally. The operation seized domains, exposed technology, and highlighted Russian state involvement. Ongoing investigation and prosecution aim to counter disinformation.
FBI Resumes Communication with Facebook, X and Others on Foreign Disinformation
The FBI has resumed communication with social media platforms to combat foreign disinformation ahead of the presidential election, while new guidelines limit its ability to pressure these platforms.
FBI joint operation takes down Chinese botnet
The FBI dismantled the Flax Typhoon botnet, linked to Chinese state-sponsored cyber activities, targeting critical infrastructure and thousands of devices, while enhancing defenses against foreign cyber threats.
China-state IoT botnet went undetected for four years–until now
The FBI dismantled the Raptor Train botnet, linked to Chinese hackers, involving over 260,000 devices. It targeted government agencies and critical infrastructure, evading detection through reputable IP addresses.
China-state IoT botnet went undetected for four years–until now
The FBI dismantled the Raptor Train botnet, linked to Chinese hackers, involving over 260,000 devices. It targeted government and corporate entities, exploiting reputable IP addresses to evade detection.