Why it matters: The new hacking campaign suggests China could hold more expansive power to turn off key U.S. infrastructure than previously thought.
Driving the news: FBI director Christopher Wray said at the Aspen Cyber Summit on Wednesday that the bureau and its partners hijacked thousands of devices last week that a Chinese hacking group had infected with malware.
- Flax Typhoon, a China-backed hacking team first publicly reported by Microsoft in August 2023, infected home routers, firewalls, network-attached storage devices, and Internet of Things devices such as cameras and video recorders.
Zoom in: As of June, Flax Typhoon's botnet included more than 260,000 malware-infected devices across North America, South America, Europe, Africa, Southeast Asia and Australia, according to a U.S. government advisory.
- Half of the hijacked devices were located in the U.S., Wray said in his remarks.
- Security researchers at Black Lotus Labs, who track the botnet under the name Raptor Train, said in a coinciding report that hackers have used it to target U.S. and Taiwanese organizations in the military, government, higher education, telecommunications, defense and IT sectors.
- The FBI also alleged that the Flax Typhoon hackers worked for Integrity Technology Group, a Beijing-based tech company that does contract work for China's intelligence agencies, and that the company itself operated and controlled the botnet.
Threat level: A senior administration official told reporters that while Flax Typhoon is focused solely on espionage, its more destructive counterpart, Volt Typhoon, shared some of the same infrastructure for its own operations.
The big picture: The threat of China lurking inside U.S. and other global networks is now existential for American companies and government agencies, Tom Fanning, former executive chairman at electric power operator Southern Company, told Axios.
- "While Flax Typhoon is the latest manifestation of a nation-state attacking the private sector, we do know that these things happen all the time," Fanning said.
- Officials worry that China is establishing these footholds in networks tied to the U.S. and its allies so it can cause societal panic and trade disruptions during a potential Taiwan invasion.
Flashback: Earlier this year the country's top cybersecurity officials warned Congress about Volt Typhoon and shared that they had taken down that hacking group's own network of infected devices.
- Volt Typhoon, a hacking group first publicly unveiled in May 2023, has gained access to several major critical infrastructure organizations, including a West Coast port, a utility in Hawaii, and at least one oil and gas pipeline.
- Similar to Flax Typhoon, this group also relied on hijacked home and small-office routers, using them to disguise the origin of its traffic as it worked its way into those systems.
Yes, but: Botnet takedowns aren't a foolproof fix, especially against nation-state actors.
- Despite a successful botnet takedown in January, Volt Typhoon has remained a persistent threat to critical infrastructure, officials have warned.
- Cybercriminal gangs have quickly found workarounds after the government seized their botnets.
Between the lines: Operations like the one targeting Flax Typhoon still make it "riskier, costlier and harder" for nation-states to spy and hack U.S. critical infrastructure, Anne Neuberger, deputy national security adviser for cyber and emerging tech, told reporters.
What we're watching: Wray warned that the Flax Typhoon operation is just "one round in a much longer fight."
- Stopping future threats will require the private sector and government to strengthen collaboration to get "as much of a real-time view of what's happening as possible," Fanning added.