U.S. dismantles Chinese espionage network that monitored 260,000 electronic devices in the West
"This was another successful disruption, but make no mistake (...) the Chinese government is going to continue to target your organizations and our critical infrastructure," said the FBI Director.
The United States and several allied countries succeeded in dismantling a large online espionage network that was being run by China's regime. The operation allowed them to take control of 260,000 Internet-connected devices, such as cameras and routers, which China was using to spy on important organizations in different countries.
U.S. authorities identified the botnet, called Flax Typhoon, as being operated by Integrity Technology Group, a Chinese company that works for the government and is listed on the Beijing stock exchange. The FBI obtained court authorization to send instructions to the infected devices, disconnecting them from the network and blocking their ability to continue spying.
Spying on critical infrastructure
According to FBI Director Christopher A. Wray, who spoke at the Aspen Cyber Summit in Washington, the infected devices were used as a "springboard" by Chinese cyberspies to breach government and industrial institutions in the United States, Taiwan and elsewhere. "This was another successful disruption, but make no mistake — it’s just one round in a much longer fight. The Chinese government is going to continue to target your organizations and our critical infrastructure, either by their own hand or concealed through their proxies," he said.
Among the sectors affected by the theft of sensitive data are corporations, universities, government agencies and media outlets. Wray highlighted the significant damage these incursions caused to victims, as in the case of one organization in California, whose IT staff was forced to work long hours to replace compromised equipment, causing considerable financial losses.
Previous operations and the Chinese cyber challenge
This operation adds to other recent actions against Chinese cyber espionage networks. In December and January, U.S. authorities conducted a similar operation targeting Volt Typhoon, another hacker group linked to the Chinese People's Liberation Army, which had infiltrated telecommunications companies in the United States. Volt Typhoon also compromised critical infrastructure such as electricity and water utilities, retaining the ability to launch disruptive attacks.
Unlike Volt Typhoon, Flax Typhoon focused more on traditional espionage and the theft of sensitive information, especially in areas such as telecommunications and technology. Microsoft had previously warned about the activities of this group, noting that its main targets were in Taiwan.
International response and China's reaction
The intelligence agencies of the United States, Canada, the United Kingdom, Australia and New Zealand issued a joint statement confirming that nearly half of the infected devices were on U.S. soil, followed by Vietnam and Germany. The operation underscores growing concerns about the security of the "Internet of Things," a network of Internet-connected devices, such as cameras and routers, that are vulnerable to cyber attacks.
China hotly denies the allegations. Liu Pengyu, spokesman for the Chinese embassy in Washington, said in a statement that the U.S. accusations are baseless and a "complete distortion of the facts."