FBI says China “burned down” massive botnet after US intervention

FBI Director Christopher Wray revealed that the agency’s international efforts led China-backed spies to abandon a massive botnet consisting of 260,000 devices. The botnet, controlled by Integrity Technology Group, was being used for spying and targeting critical infrastructure in the US.

Wray stated that Flax Typhoon, the group behind the botnet, had been building it since 2021 and was accused of spying on Taiwanese networks. The FBI’s Cyber National Mission Force (CNMF) took control of the botnet’s command and control servers with court authorization, and thwarted China’s attempts to switch the botnet over to backup systems.

The botnet used Mirai-based malware to exploit known vulnerabilities in internet-connected devices, installing a payload that communicated with command-and-control servers via TLS on port 443. Investigators found over 80 subdomains linked to the command-and-control servers as of this month.

Wray also highlighted the FBI’s efforts to defeat ransomware gangs and help negotiate settlements for victims. The agency has developed and shared decryption keys, helping nearly 1,000 organizations recover their data, saving them over $800 million in lost productivity and time spent clearing up after attacks.

The FBI will assist in negotiating with criminals when victims choose to pay a ransom, as seen in the case of an unnamed US cancer treatment center that was crippled by ransomware. The agency helped negotiate a payment from $450,000 down to $50,000, enabling the center to resume operations days after the attack.

Source: https://www.theregister.com/2024/09/18/fbi_flax_typhoon_ransomware/