Cybersecurity agencies from Western countries have recently issued a warning about a massive botnet that is being managed by a China-based company with alleged ties to the Chinese government.
This botnet, which is reported to consist of around 260,000 devices running Mirai malware, includes a variety of devices such as firewalls, network-attached storage, SoHo routers, and IoT devices like webcams. The potential threat posed by this botnet is significant, as it could be used for distributed denial of service attacks (DDoS), network compromises, or malware delivery.
According to a joint cybersecurity advisory released by the NSA, FBI, and Cyber National Mission Force, the botnet is allegedly controlled and managed by Integrity Technology Group, a company based in China. The advisory also suggests that the company has connections to the Chinese government and uses IP addresses from China Unicom Beijing Province Network to control the network.
It has been reported that this botnet has been operational since mid-2021 and exhibits behavior that is consistent with the known tactics, techniques, and infrastructure of the cyber-threat group Flax Typhoon, also known as RedJuliett and Ethereal Panda. Devices compromised by this botnet have been identified in various regions across the globe, including North and South America, Europe, Africa, Southeast Asia, and Australia.
The majority of the botnet devices, around 51.3%, have been found in North America, while European devices make up 24.9% of the total bots. Investigators have uncovered at least 50 different Linux operating systems on the compromised devices, indicating a wide range of vulnerabilities that could be exploited by the botnet.
To mitigate the threat posed by this botnet, the NSA is urging device owners, operators, and manufacturers to update their equipment promptly. Recommendations include regular patching, using strong passwords, and disabling unused services and ports to protect against botnet infections. The agencies involved in the investigation have emphasized the importance of staying vigilant and taking proactive measures to secure devices and prevent them from being compromised.
In light of the potential risks associated with botnet operations, cybersecurity officials from various countries, including the US, UK, Canada, Australia, and New Zealand, have come together to issue a joint advisory urging organizations and individuals to follow the guidelines outlined in the advisory. By applying necessary updates to internet-connected devices, individuals can help prevent their devices from being recruited into a botnet and used for malicious purposes.
Overall, the discovery of this large-scale botnet managed by a Chinese company with alleged government connections serves as a stark reminder of the ongoing cybersecurity threats faced by individuals and organizations worldwide. Staying informed, adopting best practices for device security, and collaborating with international partners are essential steps in combating the evolving landscape of cyber threats and safeguarding against potential attacks.
Albanian 
English 
Serbian 
Croatian 