Chinese-Controlled Botnet Poses Risk, Warns Western Agencies

SeniorTechInfo
The Rise of a Large-Scale Botnet Managed by China-Based Company with Government Links

A recent advisory issued by Western cybersecurity agencies describes a large-scale botnet managed by a China-based company with suspected links to the Chinese government.

According to the advisory, the botnet comprises around 260,000 devices infected with Mirai malware. These devices include firewalls, network-attached storage, SOHO routers, IoT devices such as webcams, and more. The potential uses of this botnet range from launching distributed denial-of-service (DDoS) attacks to compromising networks and delivering malware.

Integrity Technology Group, based in the People’s Republic of China, is identified as the controlling entity of the botnet. The company is believed to have ties to the Chinese government and uses China Unicom Beijing Province Network IP addresses for network control.

The botnet has been operating since mid-2021, and its activity aligns with that of the cyber-threat group Flax Typhoon, also known as RedJuliett and Ethereal Panda, as reported by the FBI and partner agencies. Victim devices have been identified across multiple continents, including North and South America, Europe, Africa, Southeast Asia, and Australia.

The majority of the infected devices were discovered in North America (51.3%), followed by Europe (24.9%). The diversity of affected regions underscores the widespread reach and impact of this botnet.

Preventive Measures and Recommendations

Given the severity of this threat, the NSA emphasizes the importance of updating devices to prevent botnet infections. Owners, operators, and manufacturers are urged to take proactive steps such as regular patching, using strong passwords, and disabling unused services and ports.

Dave Luber, the NSA’s cybersecurity director, underscores the urgency of the situation, stating, “The botnet incorporates thousands of US devices with victims in a range of sectors.” He emphasizes the value of the advisory in providing insights into the botnet infrastructure, affected countries, and mitigation strategies.

Paul Chichester, director of operations at the UK’s NCSC, echoes the sentiment, emphasizing the threat posed by botnet operations and encouraging organizations and individuals to follow the advisory guidance to safeguard their devices.

Joining forces with security agencies in Canada, Australia, and New Zealand, the US and UK are collectively working to combat this growing threat and ensure the cybersecurity of internet-connected devices.
