FBI Director Christopher Wray Reveals Details on Flax Typhoon Botnet
Last week, the FBI took control of a botnet consisting of hundreds of thousands of internet-connected devices, such as cameras, video recorders, storage devices, and routers. The botnet was run by a Chinese government hacking group known as Flax Typhoon.
Flax Typhoon’s Targets
According to FBI Director Christopher Wray, the Flax Typhoon botnet targeted critical infrastructure across the U.S. and overseas, including corporations, media organizations, universities, and government agencies.
"But working in collaboration with our partners, we executed court-authorized operations to take control of the botnet’s infrastructure," Wray said at the Aspen Cyber Summit cybersecurity conference on Wednesday.
How Flax Typhoon Operated
The FBI revealed that once authorities took control of the botnet’s infrastructure, they removed the malware from the compromised devices. However, when the operators realized what was happening, they tried to migrate their bots to new command-and-control servers and even launched a Distributed Denial of Service (DDoS) attack against the authorities’ infrastructure.
Background on Flax Typhoon
Flax Typhoon is not the first Chinese government-backed hacking group to be targeted by U.S. agencies. Earlier this year, Microsoft published a report about Flax Typhoon, saying the group targeted dozens of organizations in Taiwan.
"The group has been active since mid-2021 and targeted government agencies and education, critical manufacturing, and information technology organizations in Taiwan," the report stated.
ESET’s Research on Flax Typhoon
Cybersecurity company ESET wrote a report on Wednesday stating that it observed Flax Typhoon compromising several Microsoft Exchange servers in Taiwan. The group targeted several government organizations, but also a consulting firm, a travel booking software company, and organizations in the pharmaceutical and electronics sectors.
The U.S.-China Cyber Tensions
This latest takedown of infrastructure linked to China-backed hacking efforts and cyberattacks comes amid warnings by senior U.S. officials that China is positioning itself to cause real-world harm to Americans in the event of a future conflict.
Other Chinese Government-Backed Hacking Groups
The U.S. government has also disrupted the activities of another Chinese government hacking group known as Volt Typhoon, which has been actively targeting U.S. internet providers and critical infrastructure. The U.S. government said at the time that Volt Typhoon is pre-positioning itself to launch destructive cyberattacks in the event of a future conflict with the United States.
The Botnet’s Scope
According to the joint advisory published on Wednesday, the botnet consisted of 260,000 compromised devices. The authorities found a database of over 1.2 million records of compromised devices, including over 385,000 unique U.S. victim devices.
Conclusion
The FBI’s takedown of the Flax Typhoon botnet is a significant development in the ongoing cyber tensions between the U.S. and China. As the threat landscape continues to evolve, it is essential for both governments and private entities to remain vigilant and take proactive measures to protect themselves against these types of threats.
Recommendations
To mitigate the risks associated with botnets like Flax Typhoon, we recommend the following:
- Keep your software up-to-date and apply security patches regularly
- Use strong passwords and enable two-factor authentication whenever possible
- Use reputable antivirus software to detect and remove malware
- Be cautious when opening email attachments or clicking on links from unknown sources
By taking these simple steps, you can significantly reduce the risk of falling victim to a botnet like Flax Typhoon.