The Justice Department recently announced a significant operation aimed at disrupting a botnet that has impacted over 200,000 devices in the United States and internationally. Unsealed documents indicated that the botnet, named Raptor Train, is operated by state-sponsored hackers affiliated with the People’s Republic of China (PRC) and operating under the guise of a Beijing-based company, Integrity Technology Group, known in the private sector as Flax Typhoon.
The botnet malware has affected a range of connected devices, including small-office/home-office (SOHO) routers, Internet Protocol (IP) cameras, digital video recorders, and network-attached storage (NAS) devices. The malware, orchestrated by Integrity Technology Group, connected these devices into a botnet used to conduct malicious cyber activities disguised as routine internet traffic.
The hackers working under Flax Typhoon’s umbrella have targeted government agencies and the critical manufacturing and IT sectors in Taiwan, as well as in other countries. They have also launched attacks on educational institutions, corporations, government entities, media organizations, and more, both in the US and abroad.
US Attorney General Merrick B. Garland emphasized the importance of addressing Chinese government-backed hacking groups that jeopardize national security by targeting innocent Americans’ devices. He reiterated the Justice Department’s commitment to dismantling botnets used by PRC-backed hackers to infiltrate consumer devices worldwide.
The takedown operation was a collaborative effort involving the FBI, the US Attorney’s Office for the Western District of Pennsylvania, and the National Security Cyber Section of the Justice Department’s National Security Division. Additionally, French authorities, Lumen Technologies, and Black Lotus Labs, the group credited with first identifying the botnet, participated in the coordinated effort.
Individuals concerned about compromised devices were encouraged to reach out to an FBI field office directly, report online to CISA, or visit the FBI’s Internet Crime Complaint Center (IC3) for assistance.
The disruption of the Raptor Train botnet marks a significant milestone in the ongoing battle against cyber threats posed by state-sponsored hacking groups. By dismantling such operations, law enforcement agencies aim to protect the integrity of connected devices and safeguard individuals and organizations from malicious cyber activities. The collaboration between international authorities and private sector entities underscores the importance of cooperation in combating cyber threats that transcend borders and impact global digital infrastructure.
