The FBI successfully dismantled a massive botnet used by Chinese government-linked hackers to target critical infrastructure in the U.S. and overseas. FBI Director Christopher Wray announced the operation at the Aspen Cyber Summit, emphasizing the ongoing threat from Chinese cyber-espionage efforts.
The botnet, controlled by the Chinese-linked Flax Typhoon group, had reportedly compromised over 260,000 devices globally, half of which were located in the U.S. The compromised devices included Internet of Things (IoT) gadgets like webcams, DVRs, and routers. These hacked devices could have been used to launch cyberattacks on U.S. companies and government agencies.
According to U.S. intelligence, Flax Typhoon, a hacking group associated with the Chinese company Integrity Technology Group, had been building this botnet since 2021. The group’s operations were designed to compromise a wide range of targets, from corporations to government institutions.
Using court authorization under Rule 41, the FBI gained control of Flax Typhoon’s command-and-control servers, effectively neutralizing the botnet. As the hackers attempted to migrate their operations to new servers, they launched a Distributed Denial of Service (DDoS) attack against the FBI, but the bureau quickly identified and thwarted the hackers’ backup infrastructure. Realizing they were up against the FBI and its partners, the hackers sabotaged their own systems, destroying their own botnet.
China has denied involvement, with a spokesperson from the Chinese Embassy calling the allegations “groundless” and accusing the U.S. of conducting its own cyberattacks against China.
While the botnet has been dismantled, cybersecurity experts caution that Flax Typhoon or similar groups could rebuild their networks.