Chinese state-sponsored hackers compromised more than a million internet devices worldwide to steal sensitive personal data
“Data indicated that … 260,000 devices, including approximately 126,000 US-based devices, were actively infected.”
September 25, 2024
The FBI has disrupted a botnet controlled by Chinese state-sponsored hackers that infected over 1.2 million devices worldwide, including over 385,000 in the US.
The botnet, utilising a variant of the Mirai malware, targeted consumer devices like routers, cameras, and storage devices to steal personal information and potentially conduct cyberattacks.
The hackers were identified as working for Integrity Technology Group, a publicly traded company in China that sold access to the botnet to its customers.
The US Department of Justice (DOJ) announced Wednesday that the Federal Bureau of Investigation (FBI) sought and obtained a court-authorized operation to disrupt botnets that were deployed around the world by Chinese state-sponsored hackers to compromise “numerous types of consumer devices, including small-office/home-office routers, internet protocol cameras, digital video recorders, and network-attached storage (NAS) devices.”
The FBI said more than “1.2 million devices worldwide … had at one time been infected with” a variant of the Mirai malware, “including over 385,000 unique US-based victim devices.”
As of June 5, the FBI said, “data indicated that … approximately 260,000 devices, including approximately 126,000 US-based devices, were actively infected.”
The devices “undoubtedly were used” by the Chinese government to attempt to obtain not only the personally identifiable information (PII) of anyone using these devices, but also financial, legal, and business information, the latter of which could include confidential and proprietary information, according to counterintelligence officials Biometric Update spoke to.
Indeed. US Attorney Eric Olshan for the Western District of Pennsylvania said the “court-authorized operation disrupted a sophisticated botnet designed to steal sensitive information and launch disruptive cyberattacks.”
“The FBI’s investigation revealed that a publicly traded, China-based company is openly selling its customers the ability to hack into and control thousands of consumer devices worldwide,” added Special Agent in Charge Stacey Moy of the FBI San Diego Field Office.
Counterintelligence officials expressed concerns about what sensitive personal and other data was able to be obtained or otherwise compromised before the FBI managed to shut down the operation.
Mirai is malware that infects internet-connected devices without their owners’ knowledge or consent and enrols them in a botnet.
In May, the FBI said it “analyzed samples of a particular variant of Mirai malware that had been uploaded to an online service that collects suspicious files to analyze and detect malware and other malicious files.
This variant was used to infect … devices such as SOHO routers, IP cameras, DVRs, and NAS devices, and was embedded with encoded domain names that resolved to C2 servers. This variant was designed to run on x86, MIPS, ARM, PPC, and SH4 processor architectures.”
Simultaneous with DOJ’s announcement of its operation, a Joint Cybersecurity Advisory describing the hacker’s tactics, techniques, and procedures was issued by the FBI, National Security Agency, US Cyber Command’s Cyber National Mission Force, and partner agencies in Canada, Australia, New Zealand, and the United Kingdom.
The botnet devices were infected and controlled by Chinese state-sponsored hackers working for Integrity Technology Group, a Beijing-based company whose intrusion activity is tracked under the name “Flax Typhoon.”
The FBI said in its affidavit in support of the search and seizure warrant it obtained from the court that the malware “connected … infected devices into a botnet, controlled by Integrity Technology Group, which was used to conduct malicious cyber activity disguised as routine internet traffic from the infected consumer devices. The court-authorized operation took control of the hackers’ computer infrastructure and, among other steps, sent disabling commands through that infrastructure to the malware on the infected devices.”
The warrant was granted on September 9 but remained sealed until Wednesday because the FBI said “the facts justif[ied] a delay of up to 30 days because it may take multiple weeks to remediate the malware. Premature disclosure to the public at large or to individual subscribers could give the Flax Typhoon hackers the opportunity to make changes to the malware, enabling continued or additional damage to victims’ devices.”
According to court documents, the botnet was developed and controlled by Integrity Technology Group. The FBI said, “the company built an online application allowing its customers to log in and control specified infected victim devices, including with a menu of malicious cyber commands using a tool called ‘vulnerability-arsenal.’ The online application was prominently labelled ‘KRLab,’ one of the main public brands used by Integrity Technology Group.”
The FBI said it had assessed that Integrity Technology Group, in addition to developing and controlling the botnet, was directly responsible for computer intrusion activities attributed to China-based hackers as “Flax Typhoon.”
Microsoft Threat Intelligence described Flax Typhoon as nation-state actors based out of China, active since 2021, who have targeted government agencies and education, critical manufacturing, and information technology organizations in Taiwan and elsewhere.
The FBI said its investigation corroborated Microsoft’s conclusions and determined that Flax Typhoon “successfully attacked multiple US and foreign corporations, universities, government agencies, telecommunications providers, and media organizations.”
Integrity Technology Group Inc, formerly Beijing Integrity Technology Co Ltd, is a China-based company principally engaged in the research and development, production and sales of network security products, as well as network security services.
Its products and services mainly consist of cyber range (“network shooting range”) products, security control and honeypot products, security tool products, security protection services, and network security competition services.
Its security tool products are used by governments, individuals, enterprises, and institutions.
“The Justice Department is zeroing in on the Chinese government-backed hacking groups that target the devices of innocent Americans and pose a serious threat to our national security,” said the late Attorney General Merrick Garland.
“As we did earlier this year, the Justice Department has again destroyed a botnet used by People’s Republic of China (PRC) backed hackers to infiltrate consumer devices here in the United States and around the world. We will continue to aggressively counter the threat that China’s state-sponsored hacking groups pose to the American people.”
Deputy Attorney General Lisa Monaco, who is now in hiding, added that “our takedown of this state-sponsored botnet reflects the department’s all-tools approach to disrupting cyber criminals. This network, managed by a PRC government contractor, hijacked hundreds of thousands of private routers, cameras, and other consumer devices to create a malicious system for the PRC to exploit.”
The FBI said that “during the course of [its] operation, there was an attempt to interfere with the FBI’s remediation efforts through a distributed denial-of-service attack targeting the operational infrastructure that the FBI was utilizing to effectuate the court’s orders,” adding that the “attack was ultimately unsuccessful in preventing the FBI’s disruption of the botnet.”
DOJ stressed that its malware disabling commands, “which interacted with the malware’s native functionality, were extensively tested prior to the operation.
As expected, the operation did not affect the legitimate functions of, or collect content information from, the infected devices.
The FBI is providing notice to US owners of devices that were affected by [the] court-authorized operation. The FBI is contacting those victims through their internet service provider, who will provide notice to their customers.”
At the Aspen Cyber Summit cybersecurity conference this week, Deep State FBI Director Christopher Wray said the hacking group called Flax Typhoon was “targeting critical infrastructure across the US and overseas, everyone from corporations and media organisations to universities and government agencies.”