Chinese Botnet Hacks 260,000 Devices, FBI and NSA Report


U.S. Intelligence Agencies Warn of Chinese Botnet Compromising Global Devices

The FBI, NSA, and Cyber National Mission Force (CNMF) have issued a joint advisory warning that a Chinese botnet has compromised 260,000 devices worldwide, including SOHO routers, firewalls, NAS appliances, and IoT devices from major IT and networking vendors. According to the advisory, PRC-linked cyber actors used the botnet both for DDoS attacks and as infrastructure for compromising target networks. The U.S. Justice Department has since disrupted the botnet in a law enforcement operation.

Integrity Technology Group, a PRC-based company with ties to the Chinese government, managed the botnet, which is tracked publicly as “Raptor Train.” It comprised more than 260,000 devices, nearly half of them in the U.S., and targeted products and services from a wide range of organizations. The botnet’s malware, a variant of Mirai, hijacks IoT devices and connects to its command-and-control (C2) servers over TLS on port 443, which lets the C2 traffic blend in with ordinary HTTPS.

U.S. agencies, together with Five Eyes partners, confirmed the threat posed by the botnet, identified the entity behind it, and documented the specific tactics used. The NSA’s recommendations are to patch devices promptly, disable unused services and ports, change default passwords, segment networks so IoT and SOHO devices cannot reach sensitive systems, monitor network traffic for unexpected outbound connections, schedule periodic device reboots (which clears Mirai-style malware that lives only in memory), and replace equipment that has reached end of life.
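One concrete form the “monitor network traffic” recommendation can take is a simple flow-log triage: flag outbound TCP/443 connections from the IoT/SOHO segment to destinations that are not on that segment’s expected-peer allowlist, then rank destinations by how many distinct devices contact them. The script below is an added example, not code from the advisory or from any of the agencies or vendors named in this article. The flow record layout, the address range used as the IoT segment, the allowlist, and the sample flows are all constructed for illustration; none of the addresses are indicators from the advisory.

```python
"""Triage outbound TLS/443 flows from an IoT/SOHO segment against an allowlist.

Added example; not from the advisory or the article. The flow layout
(timestamp,src,dst,dport,proto,bytes), the segment prefix, the allowlist,
and the sample records are constructed assumptions for illustration.
"""
import ipaddress
from collections import defaultdict
from dataclasses import dataclass

# Assumption: the address range that holds SOHO routers, NAS and IoT gear.
IOT_SEGMENT = ipaddress.ip_network("192.168.20.0/24")

# Assumption: vendor cloud/update endpoints these devices are expected to
# reach over 443. In practice this comes from an asset inventory.
ALLOWED_DESTS = {"203.0.113.10", "203.0.113.11"}

# Constructed sample flow records (documentation-range addresses only).
SAMPLE_FLOWS = """\
2024-09-18T10:00:01Z,192.168.20.14,203.0.113.10,443,tcp,2048
2024-09-18T10:00:05Z,192.168.20.14,198.51.100.77,443,tcp,512
2024-09-18T10:00:09Z,192.168.20.31,198.51.100.77,443,tcp,640
2024-09-18T10:00:12Z,192.168.10.5,198.51.100.77,443,tcp,4096
2024-09-18T10:00:15Z,192.168.20.14,198.51.100.77,443,tcp,700
2024-09-18T10:00:20Z,192.168.20.31,203.0.113.11,443,tcp,1024
2024-09-18T10:00:25Z,192.168.20.31,198.51.100.77,8443,tcp,300
"""


@dataclass
class Flow:
    ts: str
    src: ipaddress.IPv4Address
    dst: str
    dport: int
    proto: str
    nbytes: int


def parse_flows(text):
    """Parse the constructed CSV-style records into Flow objects."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport, proto, nbytes = line.split(",")
        flows.append(Flow(ts, ipaddress.ip_address(src), dst,
                          int(dport), proto, int(nbytes)))
    return flows


def suspicious_443_flows(flows, segment=IOT_SEGMENT, allowed=ALLOWED_DESTS):
    """Flows from the IoT segment to TCP/443 destinations not on the allowlist.

    Port 443 alone is not an indicator (everything uses it); the signal is an
    IoT device talking TLS to a peer its role does not explain.
    """
    return [
        f for f in flows
        if f.src in segment and f.proto == "tcp" and f.dport == 443
        and f.dst not in allowed
    ]


def shared_destinations(flows, min_devices=2):
    """Group suspicious flows by destination and keep those contacted by at
    least `min_devices` distinct devices. Several devices converging on one
    unexplained 443 endpoint is a stronger C2 signal than a single outlier."""
    devices = defaultdict(set)
    for f in suspicious_443_flows(flows):
        devices[f.dst].add(str(f.src))
    return {dst: sorted(srcs) for dst, srcs in devices.items()
            if len(srcs) >= min_devices}


if __name__ == "__main__":
    parsed = parse_flows(SAMPLE_FLOWS)
    for f in suspicious_443_flows(parsed):
        print(f"suspicious: {f.ts} {f.src} -> {f.dst}:{f.dport} ({f.nbytes} B)")
    print("shared destinations:", shared_destinations(parsed))
```

The allowlist approach works for this device class because a router, NAS or camera has a narrow, enumerable set of legitimate 443 peers, unlike a workstation. Flows from outside the IoT segment (the 192.168.10.5 record) and to non-443 ports are deliberately ignored so the output stays focused on the behaviour the advisory describes; broaden the filter if your devices are known to use other ports.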

The advisory is aimed primarily at helping National Security Systems and Defense networks mitigate the threat posed by the botnet, but it also serves as a warning to any organization or individual running the affected device classes to take proactive steps to secure their devices and networks against the actors behind it.
