According to the FBI, a significant Chinese hacking operation that endangered US critical infrastructure has been thwarted.

FBI Director Christopher Wray announced on Wednesday that the FBI had utilized a court order to take control of a network of hundreds of thousands of compromised internet routers and other devices that were being used by hackers connected to the Chinese government to endanger vital infrastructure both domestically and internationally.

Wray stated, "It is just one round in a much longer fight," during a speech in Washington, DC at the Aspen Cyber Summit. "The Chinese government will keep attacking our vital infrastructure and your organizations."

According to a warning issued by the US and its "Five Eyes" allies (the English-speaking alliance that includes Australia, Canada, New Zealand, and the United Kingdom), Chinese hackers could have used the vast network of compromised devices, known as a botnet, to carry out targeted cyberattacks on US companies or government agencies. According to US officials, as of June, the botnet contained approximately 260,000 compromised devices from all over the world, including Australia and North and South America. About half of the compromised devices, which included routers, DVRs, and webcams, were based in the US, according to Wray.

A representative for the Chinese Embassy in Washington referred to the US accusations as "baseless" and charged that China was the target of cyberattacks by the US government.

It's the most recent tit-for-tat in the sometimes contentious internet relations between the US and China. The US administration has long been aware of the existence of a second hacking group backed by the Chinese government, which is ready to make use of its access to US transportation and communication networks in order to obstruct any US reaction to a possible Chinese invasion of Taiwan.

In January, Wray told Congress that the Chinese hacking squad was getting ready to "wreak havoc and cause real-world harm" to the US.

A preferred instrument

According to Wray's address, the botnet that the FBI and its allies targeted on Wednesday was a live threat.

One unidentified California-based firm experienced "an all-hands-on deck cybersecurity incident" as a result of the botnet, which resulted in "significant financial loss," according to the FBI director.

However, Wednesday's takedown focused more on the botnet's potential than on its actual actions. Experts claim that for many months, the army of zombie computers has posed a silent but serious threat to US government networks. According to US IT company Lumen Technologies, which investigated the activity, the botnet's controllers "conducted extensive scanning efforts" of US military and other government agencies in late December 2023.

The reason why state-sponsored hackers and cybercriminals alike favor botnets is that most people worldwide are oblivious to the fact that their computers have been taken over for espionage or scamming. In February, the FBI announced that it had assisted in taking down a network of more than a thousand compromised internet routers that the Russian military intelligence agency was purportedly exploiting for cyberespionage against the US and its allies in Europe.

Researchers from Lumen have discovered that the Chinese botnet that was targeted on Wednesday was capable of carrying out customized cyberattacks on the devices it had infiltrated.

Researchers at Lumen are keeping an eye out for clues that the Chinese hackers plan to revive the botnet. Nonetheless, Danny Adamitis, principal information security engineer at Lumen's Black Lotus Labs threat intelligence branch, told CNN that as of September 18, "we assess that the botnet has been taken offline due to a combination of law enforcement efforts and null routing."

Internet service providers can employ a technique called null routing to prevent data from being transmitted to a certain IP address.

US officials claim that Integrity Technology Group, a Chinese business, has been in charge of managing the botnet for the past three years. CNN has asked the business for a statement.

According to Dakota Cary, a China-focused analyst with security firm SentinelOne, the Chinese tech company is "involved in many of China's most important programs and efforts to improve its hacking capabilities," CNN reported. "The company's naming is significant because it allows researchers to look into the company further and shows allied governments' visibility into China's operations."