Published on September 19, 2024
Justice Department Crushes Chinese-Hacker Controlled 'Raptor Train' Botnet in Cybercrime Crackdown

The Justice Department has struck a significant blow against state-sponsored cybercrime by dismantling a massive botnet controlled by Chinese hackers. The court-sanctioned operation, confirmed by the Office of Public Affairs on September 18, effectively neutralized over 200,000 infected devices worldwide.

According to court documents from the Western District of Pennsylvania, the infected consumer devices ranged from routers and IP cameras to DVRs and NAS devices. These were compromised by hackers employed by Beijing's Integrity Technology Group, known to the private sector as "Flax Typhoon." The botnet was used to carry out malicious cyber activities and was designed so that this activity appeared to be routine internet traffic from the infected consumer devices. Attorney General Merrick B. Garland pointed out that the Justice Department is actively targeting Chinese government-backed hacking groups that pose a severe threat to our national security.

The botnet, named "Raptor Train" by Black Lotus Labs, the threat intelligence group at Lumen Technologies that first uncovered it, enabled hackers to stealthily infiltrate networks and steal sensitive information. In the Department of Justice's announcement, Deputy Attorney General Lisa Monaco stated, "This network, managed by a PRC government contractor, hijacked hundreds of thousands of private routers, cameras, and other consumer devices to create a malicious system for the PRC to exploit."

Victims of botnets in the United States are notified through their ISPs, as the FBI reaches out to those affected by this court-authorized operation. For individuals concerned about potentially compromised devices, resources such as the FBI's Internet Crime Complaint Center (IC3) are available for assistance. The FBI is investigating the computer intrusion activities of Integrity Technology Group and Flax Typhoon and is maintaining vigilance against the ongoing cyber threats.