CyberSecurity SEE

U.S. Justice Department Thwarts China-Backed Botnet Affecting Thousands Of Devices

The successful takedown of a massive botnet controlled by People’s Republic of China (PRC) state-sponsored hackers has been hailed as a significant cyber operation by the U.S. Justice Department. Known as “Raptor Train” and managed by hackers associated with Integrity Technology Group, a Beijing-based company with the alias “Flax Typhoon,” the botnet had infected over 200,000 devices worldwide, including home routers, IP cameras, and DVRs.

In response to the threat posed by the botnet, U.S. authorities executed a court-authorized operation to neutralize it by sending disabling commands to the infected devices. Despite facing a Distributed Denial of Service (DDoS) attack aimed at thwarting their efforts, the operation was ultimately successful in dismantling the malicious network.

Attorney General Merrick Garland and Deputy Attorney General Lisa Monaco both strongly condemned the actions of the PRC-backed hackers, emphasizing the Justice Department’s unwavering commitment to safeguarding national security and protecting Americans from cyber threats. FBI Deputy Director Paul Abbate commended the agency’s collaborative efforts with international partners, which played a key role in disrupting the botnet infrastructure.

The botnet, which had been active since July of the previous year, was primarily used by Flax Typhoon hackers to target government, academic, and critical infrastructure entities globally. Microsoft Threat Intelligence corroborated these findings and highlighted the group’s activities dating back to 2021.

Following the successful operation, the FBI, alongside cybersecurity agencies from various countries such as Australia, Canada, and the UK, released a detailed advisory outlining the tactics employed by Integrity Technology Group and offering guidance on remediation for affected users. The collaborative efforts of partners, including French authorities, Lumen Technologies’ threat intelligence group, and Black Lotus Labs, were crucial to the operation’s success.

Former NSA cybersecurity expert Evan Dornbush praised Black Lotus Labs for their role in safeguarding collective security and commended Lumen for their transparency in sharing information about the threat actor behind the botnet. He emphasized the importance of network threat detection, particularly for less tech-savvy users, and applauded ISPs and telecom companies for facilitating the takedown by sharing their findings.

In addition to dismantling the botnet, the FBI is actively engaging with U.S. victims through internet service providers to alert them about compromised devices. Individuals are encouraged to report any suspected breaches to the FBI’s Internet Crime Complaint Center (IC3) or the Cybersecurity and Infrastructure Security Agency (CISA) to prevent further damage.

This operation marks the second successful disruption of a China-sponsored botnet by U.S. authorities this year, underscoring their commitment to dismantling cyber networks that pose a threat to global cybersecurity. The collective efforts of law enforcement agencies and cybersecurity experts have proven instrumental in tackling malicious cyber activities and protecting the digital infrastructure.
