A massive botnet that Chinese state-sponsored threat operation Flax Typhoon leveraged to compromise critical infrastructure entities in the U.S. and other countries has been disrupted in a joint law enforcement operation, FBI Director Christopher Wray confirmed, CyberScoop reports. More than 260,000 devices have been part of the Mirai-based botnet, which has been controlled by the Integrity Technology Group using IP addresses of the China Unicom Beijing Province Network, most of which were from the U.S., according to a joint advisory from the FBI, National Security Agency, Cyber National Mission Force, and law enforcement agencies from other Five Eyes nations. A separate report from Lumen Technologies' Black Lotus Labs researchers revealed that U.S. and Taiwan government, military, defense, and telecommunications organizations have been targeted by the botnet, which they tracked as Raptor Train. Attacks with Raptor Train have also branched out to compromise Atlassian Confluence and Ivanti Connect Secure instances, as well as a Kazakhstan-based government agency, the researchers said.
Network Security, Threat Intelligence
Significant Flax Typhoon botnet dismantled
