The US Justice Department announced that it had taken out a Chinese cyberespionage group known as Flax Typhoon. Here’s the back story:
- A global botnet of over 200,000 consumer devices, compromised by People’s Republic of China (PRC) state-sponsored hackers, has been dismantled through a court-authorized operation. The U.S. Department of Justice revealed that the botnet, managed by Beijing-based Integrity Technology Group—also known in the cybersecurity community as “Flax Typhoon”—infected devices such as SOHO routers, IP cameras, DVRs, and NAS devices. The malware covertly linked these devices into a botnet, facilitating cyberattacks disguised as routine traffic.
- The FBI’s operation gained control of the attackers’ infrastructure, sending commands to disable the malware on infected devices. During the takedown, hackers attempted to thwart FBI efforts with a DDoS attack targeting the FBI’s infrastructure, though it failed to stop the operation.
Evan Dornbush, former NSA cybersecurity expert:
“I cannot understate how important Ryan and his team at Black Lotus are to safeguarding our collective security. Kudos to Lumen for being transparent.
“The reason this threat actor goes after SOHO devices like SOHO routers and DVRs and IP cameras is because the owner/operator is neither technical nor interested.
“Network threat detection — inaccessible for most users — is critical. Forward leaning ISP and telecom companies that can advance the reach of NDR (network detection & response) should be praised for sharing their findings and allowing big action, such as a botnet takedown, to occur.
“By disrupting the threat actor’s operations, Black Lotus has made it more costly and challenging for them to carry out future attacks. Making attacks more costly is a critical and often overlooked aspect to protecting our digital infrastructure.”
I applaud the US Justice Department on executing this takedown. But I want to point out that it was consumer and SOHO-based devices that this group was targeting, which means that consumers and SOHO types are now the low-hanging fruit for threat actors, and by extension need to step up their game to avoid being targets in the future.
US Justice Takes Out Chinese Backed Threat Actor “Flax Typhoon”
Posted in Commentary with tags US Justice Department on September 20, 2024 by itnerd