Yesterday, the NSA, the FBI, the U.S. Cyber Command’s Cyber National Mission Force (CNMF), and international allies published a joint cybersecurity advisory (CSA), “People’s Republic of China-Linked Actors Compromise Routers and IoT Devices for Botnet Operations”. The joint CSA states that PRC-linked cyber actors have compromised thousands of internet-connected devices, including small office/home office routers, firewalls, network-attached storage, and Internet of Things devices, with the goal of creating a network of compromised nodes (a “botnet”) positioned for malicious activity. The advisory delivers up-to-date insights on botnet infrastructure, the countries where affected devices are found, and strategies for securing devices and addressing this threat.
FBI Director Chris Wray confirmed yesterday that the same botnet (known as "Raptor Train"), operated by the state-sponsored Chinese threat actor Flax Typhoon, has been disrupted by law enforcement and was subsequently abandoned by the group. The botnet infected over 260,000 networking devices and is said to have targeted critical infrastructure in the U.S. and other countries. For more information, visit Help Net Security. Access the full joint advisory at the FBI’s IC3.