Vast Chinese Hacking Operation of U.S. Consumer Tech Busted

The FBI has successfully disrupted a Chinese state-sponsored hacking operation that compromised over 200,000 consumer devices in the U.S.

Director Chris Wray announced that the hacking campaign, known as Flax Typhoon, had been operating undetected for months, targeting universities, government agencies, and telecommunications providers, among other organizations.

Home routers, cameras, and video recorders were infiltrated in the process.

It is believed that the state-sponsored hackers conducted their operation for Integrity Technology Group, a company based in Beijing.

The hackers’ botnet—a network of infected computers—was designed to steal sensitive data from victims’ devices, with nearly half of the compromised devices located in the United States.

“Flax Typhoon’s actions caused real harm to its victims, who had to devote precious time to clean up the mess when they discovered the malware,” Wray said during the Aspen Cyber Summit.

FBI Director Christopher Wray speaks during an Election Threats Task Force meeting at the Justice Department on Sept. 4, 2024 in Washington, DC. Flax Typhoon’s activities were first reported by Microsoft, which noted an increase in attacks on Taiwanese and global government agencies.

Andrew Harnik/Getty Images

The large-scale hacking scheme was attributed to the Chinese government, which has previously been implicated in similar cyberattacks.

The Justice Department obtained a court order to seize the botnet’s infrastructure, marking another significant victory in the ongoing cyber conflict between U.S. authorities and state-backed actors, particularly from China.

Deputy Attorney General Lisa Monaco, speaking at the same conference, emphasized that this case should concern all citizens.

“The average citizen should care because the case involves criminal activity, disruptive activity going on in potentially their devices,” Monaco said.

She added that it is part of a broader ecosystem being exploited by malicious cyber actors.

Although the FBI did not identify specific targets of the operation, it confirmed that an array of public and private organizations were among the entities affected.

Wray stressed that while the disruption of Flax Typhoon is a significant success, it is just one chapter in a long and complex battle.

“Make no mistake—it’s just one round in a much longer fight,” he warned.

“The Chinese government is going to continue to target your organizations and our critical infrastructure, either by their own hand or concealed through their proxies.”

A stock photo of public surveillance cameras on a pole in the city of Shanghai, China. Nearly half of the devices compromised by the Chinese hacking network Flax Typhoon were located in the U.S., with the rest spread across other countries.

Getty Images

Flax Typhoon was first reported by Microsoft in August 2023, when the group’s activities intensified, particularly against Taiwanese organizations.

Older devices, including those from Netgear Inc. and Cisco Systems Inc., were especially vulnerable because they no longer received critical security updates.

The network’s dismantling comes just months after the FBI disclosed the takedown of another Chinese hacking group, Volt Typhoon, which had targeted critical U.S. infrastructure, including water treatment plants and the electrical grid.

“The disruption of this worldwide botnet is part of the FBI’s commitment to using technical operations to help protect victims, expose publicly the scope of these criminal hacking campaigns, and to use the adversary’s tools against them to remove malicious infrastructure from the virtual battlefield,” FBI Deputy Director Paul Abbate said in a statement.

“The FBI’s unique legal authorities allowed it to lead an international operation with partners that collectively disconnected this botnet from its China-based hackers at Integrity Technology Group.”

This article includes reporting from The Associated Press.