The FBI has successfully disrupted a second Chinese hacking group, recovering thousands of compromised devices in an ongoing battle against cyber threats. FBI Director Christopher Wray revealed the operation at the Aspen Cyber Summit, labeling the group as 'Flax Typhoon' and identifying the orchestrator as Chinese company Integrity Technology Group.
According to Wray, the company was masquerading as an IT firm while actually collecting intelligence and conducting reconnaissance for Chinese government security agencies. The group utilized a network of hijacked devices, known as a botnet, to route malicious traffic. These compromised devices, including cameras and digital storage devices, were found in various organizations, with half located in the U.S.
During the FBI's attempt to gain control over the botnet, the hackers launched a DDoS cyberattack before ultimately abandoning the operation. Wray noted that Flax Typhoon's tactics mirrored those of a previous group, 'Volt Typhoon,' which has been a persistent concern since its identification last year.
Wray highlighted that Volt Typhoon had infiltrated critical infrastructure companies in the U.S., such as those in telecommunications, energy, and water sectors. Security experts from Microsoft and Google have linked these hacking activities to China, with tensions around Taiwan believed to be a motivating factor.
While a Chinese Ministry of Foreign Affairs spokesperson denied government involvement, Wray emphasized that combating Chinese hacking groups remains a top priority for the FBI. He warned that these groups, whether acting directly or through proxies, pose a significant threat to both organizations and critical infrastructure in the U.S.
'The Chinese government's targeting of our critical infrastructure is a persistent threat that we must address,' stated Wray, underscoring the ongoing nature of the cybersecurity challenge posed by Chinese actors.