Sep 19, 2024, 12:00 AM

U.S. authorities thwart another China

Highlights
  • U.S. authorities dismantled a China-backed botnet operated by the hacker group Flax Typhoon, freeing hundreds of thousands of infected devices.
  • The botnet targeted critical infrastructure and various sectors, with over 200,000 infected devices located in the U.S.
  • FBI Director Christopher Wray stated that this operation is part of a longer fight against ongoing cyber threats from the Chinese government.
Story

On September 19, U.S. authorities announced the dismantling of a China-backed botnet operated by the hacker group Flax Typhoon. This operation freed hundreds of thousands of infected devices, including routers and cameras, which had been compromised to exfiltrate confidential data. The botnet targeted critical infrastructure and various sectors, including public and private entities, as well as academia and media. The Justice Department revealed that over 200,000 of the infected devices were located in the United States, allowing hackers to conduct malicious activities disguised as normal Internet traffic.

The operation was executed through a court-authorized law enforcement initiative, which successfully took control of the malicious infrastructure. During the takedown, Chinese hackers attempted to intervene but were unsuccessful. Flax Typhoon was identified as operating under the guise of a legitimate company, Integrity Technology Group, based in Beijing, which had developed an online application for controlling infected devices.

FBI Director Christopher Wray emphasized that this disruption is part of an ongoing battle against cyber threats posed by the Chinese government. He noted that the group had been active since mid-2021 and had caused significant harm to its victims, including a California company that faced a major cybersecurity incident, leading to financial losses and operational downtime. Wray reiterated the commitment of U.S. authorities to continue identifying and disrupting malicious activities targeting critical infrastructure, highlighting the persistent threat posed by state-sponsored hackers and their proxies.
