topicnews · September 18, 2024

Justice Department stops major Chinese hacking operation that infected consumer devices

WASHINGTON – The FBI has dismantled a group of hackers working on behalf of the Chinese government that targeted universities, government agencies and other organizations, Director Chris Wray said Wednesday.

The hacking campaign, known as Flax Typhoon, installed malware on over 200,000 consumer devices, including cameras, video recorders, and home and office routers, to create a massive botnet – a network of infected computers. The botnet was used to commit cybercrimes, such as stealing sensitive information from victims’ networks.

“Flax Typhoon’s actions caused real harm to its victims. They had to spend valuable time cleaning up the mess when they discovered the malware,” Wray said at the Aspen Cyber Summit.

At the same conference, Assistant Attorney General Lisa Monaco said the average citizen should be concerned because the case involves “criminal activity and disruptive activity that may be taking place on their devices. And it’s part of a larger ecosystem that’s being used by malicious cyber actors.”

The FBI and Justice Department, which obtained a search warrant to seize the botnet infrastructure, did not name any of the targets but said they included universities, government agencies, telecommunications providers, media companies and nongovernmental organizations. Half of the hijacked devices were in the United States, Wray said.

“This was another successful disruption, but make no mistake – it is just one round in a much longer battle,” Wray said. “The Chinese government will continue to target your organizations and our critical infrastructure, either through themselves or covertly through their proxies, and we will continue to work with our partners to identify their malicious activities, disrupt their hacking campaigns, and bring them to light.”

Flax Typhoon was described in a Microsoft report in August 2023, which said the group had increased its attacks on Taiwanese organizations as well as government agencies in other countries.

The disruption came nine months after Wray told Congress that he had taken down a Chinese state-sponsored hacking group called Volt Typhoon. The group hijacked U.S.-based routers belonging to individuals and businesses in small offices and homes to cover their tracks while spreading malware. Their ultimate targets were water treatment plants, the power grid and transportation systems in the U.S.

Copyright 2024 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed without permission.