‘Flax’ fallout as Chinese hackers launch US attack
More than 260,000 devices in North America, Europe, Africa and Southeast Asia targeted by hijackers
The United States has identified and taken down a botnet campaign by China-directed hackers to infiltrate further American infrastructure, as well as a variety of internet-connected devices.
FBI Director Christopher Wray announced the disruption of what he called Flax Typhoon during a cyber summit earlier this week.
He described it as part of a much larger campaign by Beijing:
Flax Typhoon hijacked Internet-of-Things devices like cameras, video recorders, and storage devices — things typically found across both big and small organizations.
“And about half of those hijacked devices were located here in the US,” Wray added.
‘Confidential data’
He said the hackers, working under the guise of a security company called Integrity Technology Group, collected information from corporations, media groups, universities, and government agencies.
“They used internet-connected devices – this time, hundreds of thousands of them – to create a botnet that helped them compromise systems and exfiltrate confidential data,” Wray said.
But Flax Typhoon’s operations were disrupted last week when the FBI, working with allies and under court orders, took control of the botnet and pursued the hackers when they tried to switch to a backup system. Wray said:
We think the bad guys finally realized that it was the FBI and our partners that they were up against. And with that realization, they burned down their new infrastructure and abandoned the botnet.
Wray pointed out that Flax Typhoon appeared to build on the exploits and tactics of another China-linked hacking group, known as Volt Typhoon, which Microsoft identified in May of last year.
Volt Typhoon used office network equipment, including routers, firewalls, and VPN hardware, to disrupt communications infrastructure in Guam, home to key US military facilities.
‘Valid evidence’
On Wednesday, the Chinese Embassy in Washington rejected the accusations. Spokesperson Liu Pengyu told Voice of America in an email:
Without valid evidence, the US jumped to an unwarranted conclusion and made groundless accusations. The US itself is the origin and the biggest perpetrator of cyberattacks.
“We urge the US to stop its worldwide cyber espionage and cyberattacks, and stop smearing other countries under the excuse of cyber security,” Liu added.
The FBI and the US Cybersecurity and Infrastructure Security Agency have previously warned that Chinese-government-directed hackers, like Volt Typhoon, have been positioning themselves to launch destructive cyberattacks that risk jeopardizing the physical safety of Americans.
Following the FBI announcement, the US National Security Agency (NSA) issued an advisory encouraging anyone with a device that Flax Typhoon compromised to apply the needed patches.
It said that as of June, the Flax Typhoon botnet had infected more than 260,000 devices in North America, Europe, Africa, and Southeast Asia.
Compromised devices
The NSA stressed that almost half of the compromised devices were in the US. Another 18 countries, including Vietnam, Bangladesh, Albania, China, South Africa, and India, were also hit.
Jeff Seldin is Voice of America’s National Security Correspondent.
This edited article is republished courtesy of Voice of America.
The views and opinions expressed in this article are those of the author and do not necessarily reflect the official policy of China Factor.