FBI says it foiled major Chinese hacking operation that threatened critical U.S. infrastructure

CNN

The FBI used a court order to seize control of a network of hundreds of thousands of compromised internet routers and other devices that hackers linked to the Chinese government used to threaten critical infrastructure in the United States and abroad, FBI Director Christopher Wray said Wednesday.

“This is just one round in a much longer fight,” Wray said during a speech at the Aspen Cyber Summit in Washington. “The Chinese government is going to continue to target your organizations and our critical infrastructure.”

According to an advisory issued by the United States and its Five Eyes allies (the English-speaking alliance that includes Australia, Canada, New Zealand and the United Kingdom), this vast network of hacked devices, known as a botnet, posed a threat that Chinese hackers could have used to carry out targeted cyberattacks against American companies or government agencies. As of June, the botnet included more than 260,000 hacked devices worldwide, from North and South America to Australia, according to U.S. officials. The hacked devices ranged from webcams to digital recorders to routers, and about half of them were in the United States, according to Wray.

A spokesperson for the Chinese Embassy in Washington called the U.S. allegations “groundless” and accused the U.S. government of carrying out cyberattacks against China.

It’s the latest blow to the often tense cyber relationship between the United States and China. The U.S. government has long warned that another Chinese-backed hacking group is lurking in U.S. transportation and communications networks, waiting to use that access to disrupt any U.S. response to a potential Chinese invasion of Taiwan.

This Chinese hacking unit is preparing to “wreak havoc and cause real harm” in the United States, Wray told Congress in January.

The botnet targeted by the FBI and its allies on Wednesday was an active threat, Wray said in his speech.

The botnet caused “a cybersecurity incident involving all relevant stakeholders” for an unnamed California-based organization, causing “significant financial loss,” the FBI director said.

But Wednesday’s takedown was more about what the botnet could have done than what it did. Experts say the army of zombie computers has been a silent, menacing threat to U.S. government networks for months. In late December 2023, the botnet’s operators “led extensive forensic efforts” by the U.S. military and other government agencies, according to U.S. tech firm Lumen Technologies, which investigated the activity.

Botnets are a favorite tool for cybercriminals and state-sponsored hackers because users around the world are often unaware that their computers have been hacked for fraud or espionage. The FBI said in February that it helped disrupt a network of more than 1,000 hacked internet routers that Russia’s military intelligence agency allegedly used for cyberespionage operations against the United States and its European allies.

The Chinese botnet targeted Wednesday had a range of capabilities, including the ability to conduct tailored cyberattacks using the devices it had compromised, according to Lumen researchers.

Lumen researchers are watching for signs that Chinese hackers will resurrect the botnet. But for now, “we believe the botnet was taken offline due to a combination of law enforcement efforts and null routing beginning on September 18,” Danny Adamitis, lead security engineer at Lumen’s Black Lotus Labs threat intelligence division, told CNN.

Null routing is a technique that internet service providers and network operators can use to silently discard all traffic destined for a specific IP address, so that the compromised devices can no longer reach the servers that control them.

A Chinese company, Integrity Technology Group, has been running the botnet for three years, according to U.S. officials. CNN has reached out to the company for comment.

The Chinese tech company is “involved in many of China’s most significant programs and efforts to improve its hacking capabilities,” Dakota Cary, a consultant at SentinelOne, a security firm that specializes in China, told CNN. “The company’s name is important because it demonstrates the visibility of allied governments into China’s operations, while also allowing researchers to further investigate the company.”
