The FBI has successfully disrupted a group of Chinese hackers who were operating under the direction of the Chinese government to infiltrate critical infrastructure in the U.S. and other countries. The hacking campaign, known as Flax Typhoon, involved the installation of malicious software on thousands of internet-connected devices, such as cameras, video recorders, and home and office routers, to create a massive botnet.
According to FBI Director Chris Wray, Flax Typhoon's actions resulted in real harm to its victims, who had to invest significant time and resources to clean up the malware once discovered. The FBI, in collaboration with the Justice Department, obtained a warrant to seize the botnet's infrastructure.
While specific targets were not named, the victims included universities, government agencies, telecommunications providers, media organizations, and nongovernmental organizations. Approximately half of the compromised devices were located in the U.S.
Wray emphasized that this disruption was a significant achievement but cautioned that it was just one battle in an ongoing struggle. He warned that the Chinese government would likely continue to target organizations and critical infrastructure, either directly or through proxies. The FBI remains committed to working with its partners to identify and disrupt malicious activities and hold perpetrators accountable.
Flax Typhoon was previously highlighted in a Microsoft report from August 2023, which noted the group's increased targeting of Taiwanese organizations and government agencies in various countries.
This recent disruption comes on the heels of a separate takedown of Volt Typhoon, a Chinese state-sponsored hacking group that hijacked U.S.-based small office and home routers to conceal its activities. The ultimate targets of this group included critical infrastructure such as water treatment plants, the electrical grid, and transportation systems across the U.S.