China-Backed Flax Typhoon Hack Targets US Infrastructure, FBI Warns of Rising Threat

The Chinese government has launched another massive campaign to hack as many American institutions as possible, threatening critical infrastructure.

The campaign suggests that China's offensive cyber capability may be greater than ever before, with the potential to disrupt American infrastructure.

FBI Director Christopher Wray said on Wednesday that the bureau and its partners had, last week, taken control of the botnet's infrastructure and removed the malware from thousands of infected devices.

Flax Typhoon, a China-backed hacking team, built the botnet by infecting Internet of Things and edge devices, such as home routers, firewalls, network storage devices, IP cameras, and video recorders.

According to a US government advisory, as of June Flax Typhoon’s botnet had more than 260,000 malware-infected devices in North America, South America, Europe, Africa, Southeast Asia, and Australia.

In his remarks, Wray said half of the hijacked devices were in the US.

In a report on the botnet, security researchers at Black Lotus Labs said the hackers used it to target US and Taiwanese entities in the military, government, higher education, telecommunications, defense, and IT sectors.

The FBI also alleged that the botnet was run by Integrity Technology Group, a Chinese tech company that contracts for Beijing's intelligence agencies, and that the Flax Typhoon hackers worked for it.

A senior administration official told reporters that Flax Typhoon focuses solely on espionage, while the more dangerous Volt Typhoon group shares some of the same infrastructure for its attacks.

Tom Fanning, former executive chairman of electric power operator Southern Company, told Axios that the threat of Chinese actors lurking inside US and global networks has now become a concern for US companies and government bodies alike.

“While Flax Typhoon is just the latest example of a nation-state attacking the private sector, we know these things happen all the time,” Fanning said.

Officials worry that China is pre-positioning inside networks belonging to the US and its allies so that it can disrupt trade and sow public panic in the event of a conflict over Taiwan.

Earlier this year, the country's senior cybersecurity officials warned Congress about Volt Typhoon, stating they had disrupted a botnet of hijacked routers that the group was using to reach its targets.

Volt Typhoon, the hacking group whose activity was first publicly disclosed in May 2023, has gained access to several critical infrastructure organizations, including an oil and gas pipeline and a West Coast port.

Like Flax Typhoon, this group compromised routers and used them as a foothold to reach its targets.

Botnet takedowns are not a foolproof way to stop hackers, especially nation-state actors, who can rebuild their infrastructure.

Officials warn that Volt Typhoon remains a persistent threat to critical infrastructure, despite the successful botnet takedown in January.

Cybercriminal gangs have in the past quickly found workarounds and rebuilt after the government seized their botnets.

Operations like the one against Flax Typhoon are nonetheless making it “risky, costly and difficult” to spy on and hack U.S. critical infrastructure, Anne Neuberger, deputy national security adviser for cyber and emerging technology, told reporters.

The Flax Typhoon operation is just one round of a much longer battle, Wray said.

Fanning said the private sector and government will need to strengthen collaboration “to get a view of what’s happening in as real time as possible” to prevent future threats.