The United States and its allies have managed to dismantle a massive Chinese technological espionage network. It was a network of 260,000 cameras, routers and other devices, connected to each other and to the internet, and used by Beijing to spy on sensitive organizations such as corporations, media, universities or government agencies in the US and other countries.
The operation took place last week and hit the botnet known as "Flax Typhoon" run by a government contractor in Beijing, the publicly traded company Integrity Technology Group. The FBI had previously obtained a court order to send commands to the devices to disconnect them from the network.
The devices were used by cyberspies as springboards for breaching government institutions and businesses in the United States, Taiwan and elsewhere, the US said. Other seizures were made in December and January, and in February (in that case a botnet associated with the GRU, the Russian military intelligence service).
"It's another success but we shouldn't delude ourselves, it's just another round in a much longer fight. The Chinese government will continue to target your organization and our critical infrastructure both directly and under the cover of their proxies," commented FBI Director James Wray in his speech at the Aspen Cyber Summit in Washington. The network's activity, which stole confidential data, caused "real damage," Wray added.
One company in California, for example, was forced to bring in IT specialists who worked for hours to replace hardware "that had taken entire departments offline, causing significant financial damage."
The botnet neutralized earlier, Volt Typhoon, associated with the Chinese military, had mainly breached telecommunications companies. Almost half of the infected devices were located in the US, followed by Vietnam and Germany. Volt Typhoon relied on a network of compromised routers to access water and electricity distribution companies, as well as communication and transportation systems.
Flax Typhoon, on the other hand, was designed for more traditional espionage: stealing information from the military, government agencies, higher education, telecommunications, defense and information technology companies.
The Chinese embassy in Washington complained that "without valid evidence the United States has jumped to unjustified conclusions and made unfounded accusations against China, an extremely irresponsible act and a complete distortion of the facts."
The seizure adds to concerns about the vulnerability of the 'internet of things', namely routers and surveillance cameras, which are used in these types of attacks as 'zombies', guided by a command center that randomly tests thousands of systems looking for vulnerable ones on which to plant malware, later used in attacks. Industry analysts are asking companies that produce them to keep track of their products, particularly those that are still in operation.