The head of the FBI said today that the bureau has successfully taken offline a Chinese hacking group known as “Flax Typhoon.”
According to FBI Director Christopher Wray, Flax Typhoon – like the Chinese state-sponsored actor Volt Typhoon – was targeting critical infrastructure in the U.S. and overseas. But unlike Volt Typhoon, Wray said, Flax Typhoon hijacked internet of things devices such as cameras.
“Today, for the first time, we’re able to publicly speak about a second joint, sequenced operation that we conducted just last week as part of our ongoing efforts to take China’s botnets offline,” Wray said during the opening session of the Aspen Cyber Summit in D.C. “This botnet was run by a different group of hackers, again working at the direction of the Chinese government, known as Flax Typhoon.”
Wray explained that the hacking group represents itself as an information security company – the Integrity Technology Group – but “their chairman has publicly admitted that for years his company has collected intelligence and performed reconnaissance for Chinese government security agencies.”
“Flax Typhoon was targeting critical infrastructure across the U.S. and overseas, everyone from corporations and media organizations, universities, government agencies,” Wray said. “And like Volt Typhoon, they used internet connected devices, but this time, hundreds of thousands of them, to create a botnet that helped them compromise systems and exfiltrate confidential data.”
He added, “But unlike Volt Typhoon – they targeted routers – Flax Typhoon hijacked internet of things devices like cameras, video recorders, storage devices, things typically found across both big and small organizations, and about half of those hijacked devices were located here in the U.S.”
Wray said that Flax Typhoon’s actions caused “real harm” to its victims, “who had to devote precious time to clean up the mess when they discovered the malware.”
Just last week, the FBI was able to work with its partners to take down Flax Typhoon, Wray explained.
“We executed court-authorized operations to take control of the botnet’s infrastructure and when the bad guys realized what was happening, they tried to migrate their bots to new servers and even conducted a DDoS attack against us,” Wray explained. “Working with our partners, we were able to not only mitigate their attack, but also identify their new infrastructure in just a matter of hours.”
“At that point, as we began pivoting to their new servers, we think the bad guys finally realized that it was the FBI and our partners that they were up against, and with that realization, they essentially burned down their new infrastructure and abandoned their botnet,” the FBI director said. “Ultimately, as part of this operation, we were able to identify thousands of infected devices, and then, with court authorization, issue commands to remove malware from them, prying them from China’s grip.”
Wray said he viewed the FBI’s takedown of Flax Typhoon “as another successful direction,” but added, “make no mistake, it is just one round in a much longer fight.”
“The Chinese government is going to continue to target your organizations and our critical infrastructure, either by their own hand or concealed through their proxies, and we’re going to continue to work with our partners to identify their malicious activity, disrupt their hacking campaigns, and bring them to light,” he concluded.