Integrity Technology Group, a publicly traded Chinese company [5] whose activity is tracked as the Flax Typhoon APT group, has been accused by the US of operating a massive botnet since mid-2021 [1] [2] [3] [4] [5] [6] [7] [8].

Description

The botnet [1] [2] [3] [4] [5] [6] [7] [8], made up of over 260,000 devices including routers, IoT devices [2] [4] [5] [6] and firewalls [5], targeted critical infrastructure in the US and Taiwan [6] as well as government agencies and defense contractors [7]. After four years of attacks, the FBI led an international operation to dismantle it. The botnet was managed from China Unicom Beijing Province Network IP addresses [2] [3] [4] and exploited multiple vulnerabilities in Linux-based systems to compromise devices and exfiltrate confidential data. Integrity Technology Group was openly selling the ability to hack into consumer devices worldwide.

A court-authorized law enforcement operation disrupted a botnet of over 200,000 consumer devices infected by state-sponsored hackers from Integrity Technology Group in Beijing [1]. The group used a variant of the Mirai malware and exploited around 70 known vulnerabilities, including zero-day vulnerabilities in Fortinet and Ivanti products, to recruit new botnet victims [5]. The FBI has engaged with victims of these intrusions and found activity consistent with the known cyber threat groups RedJuliett and Ethereal Panda [3].

Conclusion

The FBI's dismantling of the botnet has mitigated the immediate threat posed by Integrity Technology Group. However, the group's use of sophisticated malware and its exploitation of known vulnerabilities highlight the ongoing challenges in cybersecurity. Going forward, international law enforcement agencies will need closer collaboration to combat such cyber threats effectively.

References

[1] https://www.justice.gov/opa/pr/court-authorized-operation-disrupts-worldwide-botnet-used-peoples-republic-china-state
[2] https://www.csoonline.com/article/3532252/reveal-of-chinese-controlled-botnet-is-another-warning-to-cisos-to-keep-up-with-asset-and-patch-management.html
[3] https://www.capitalbrief.com/briefing/australia-accuses-chinese-hackers-of-hijacking-routers-and-iot-devices-d7fd3a9e-c8f2-467f-84f6-2f6c76df9f09/
[4] https://www.infosecurity-magazine.com/news/nsa-ncsc-china-botnet/
[5] https://www.techtarget.com/searchSecurity/news/366611357/FBI-disrupts-another-Chinese-state-sponsored-botnet
[6] https://uk.pcmag.com/security/154401/us-accuses-chinese-company-of-running-botnet-via-hijacked-routers-iot-devices
[7] https://arstechnica.com/security/2024/09/massive-china-state-iot-botnet-went-undetected-for-four-years-until-now/
[8] https://www.computing.co.uk/news/2024/security/ncsc-unmasks-chinese-company-running-massive-botnet