Washington — The United States has identified and taken down a botnet campaign by China-directed hackers to further infiltrate American infrastructure as well as a variety of internet-connected devices.
FBI Director Christopher Wray announced the disruption of what he called Flax Typhoon during a cyber summit Wednesday in Washington, describing it as part of a much larger campaign by Beijing.
“Flax Typhoon hijacked Internet-of-Things devices like cameras, video recorders and storage devices — things typically found across both big and small organizations,” Wray said. “And about half of those hijacked devices were located here in the U.S.”
Wray said the hackers, working under the guise of an information security company called the Integrity Technology Group, collected information from corporations, media organizations, universities and government agencies.
“They used internet-connected devices — this time, hundreds of thousands of them — to create a botnet that helped them compromise systems and exfiltrate confidential data,” he said.
But Flax Typhoon’s operations were disrupted last week when the FBI, working with allies and under court orders, took control of the botnet and pursued the hackers when they tried to switch to a backup system.
“We think the bad guys finally realized that it was the FBI and our partners that they were up against,” Wray said. “And with that realization, they essentially burned down their new infrastructure and abandoned their botnet.”
Wray said Flax Typhoon appeared to build on the exploits and tactics of another China-linked hacking group, known as Volt Typhoon, which was identified by Microsoft in May of last year.
Volt Typhoon used office network equipment, including routers, firewalls and VPN hardware, to infiltrate and disrupt communications infrastructure in Guam, home to key U.S. military facilities.
The Chinese Embassy in Washington Wednesday rejected the U.S accusations.
“Without valid evidence, the U.S. jumped to an unwarranted conclusion and made groundless accusations” Chinese Embassy spokesperson Liu Pengyu told VOA in an email, responding to the allegations about Flax Typhoon.
“The U.S. itself is the origin and the biggest perpetrator of cyberattacks,” Liu added. “We urge the U.S. to stop its worldwide cyber espionage and cyberattacks, and stop smearing other countries under the excuse of cyber security.”
The FBI and the U.S. Cybersecurity and Infrastructure Security Agency have previously warned that Chinese-government directed hackers, like Volt Typhoon, have been positioning themselves to launch destructive cyberattacks that could jeopardize the physical safety of Americans.
Following Wednesday’s announcement by the FBI, the U.S. National Security Agency (NSA) issued an advisory encouraging anyone with a device that was compromised by Flax Typhoon to apply needed patches.
It said that as of this past June, the Flax Typhoon botnet was making use of more than 260,000 devices in North America, Europe, Africa and Southeast East.
The NSA said almost half of the compromised devices were in the U.S. Another 18 countries, including Vietnam, Bangladesh, Albania, China, South Africa and India, were also impacted.