US Disrupts ‘Raptor Train’ Botnet of Chinese APT Flax Typhoon

September 19, 2024 at 06:15AM

The US government disrupted a Chinese state-sponsored botnet named Raptor Train, created by Flax Typhoon. The botnet compromised over 260,000 devices, powering DDoS attacks and routing malware. Law enforcement operations successfully neutralized the botnet, despite attempted interference by the hackers. Five Eyes agencies issued a joint advisory and efforts continue to contact affected device owners.

From the meeting notes, it is clear that the US government has successfully disrupted a massive botnet, known as Raptor Train, created by Chinese state-sponsored hackers. The botnet, powered by over 60,000 devices, had compromised an estimated 260,000 routers, network-attached storage (NAS) devices, and IP cameras over the last four years, utilizing both zero-day and n-day vulnerabilities. The botnet had been used to target critical sectors, including the military, government, higher education, telecommunications, and the defense industrial base in the US and Taiwan.

The disruption involved a court-authorized law enforcement operation that took control of the threat actor’s infrastructure and sent commands to disable the malware on compromised devices. The US Justice Department confirmed the success of this operation, despite an attempted DDoS attack by the hackers to interfere with the FBI’s efforts.

Additionally, Black Lotus Labs, along with French authorities, contributed to the botnet takedown efforts, and Five Eyes agencies published a joint cybersecurity advisory providing mitigation recommendations related to the botnet.

This development follows previous takedowns of botnets linked to Chinese state-backed hackers, reinforcing the ongoing cyber conflict between the US and China.
