FBI joint operation takes down massive Chinese botnet, Wray says | CyberScoop<\/title> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/fbi-operation-china-botnet-flax-typhoon\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"FBI joint operation takes down massive Chinese botnet, Wray says\"> <meta property=\"og:description\" content=\"Flax Typhoon targeted critical infrastructure in the U.S. and abroad, and Black Lotus Labs researchers observed a \u201clarge scanning effort\u201d targeting U.S. military and government.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/fbi-operation-china-botnet-flax-typhoon\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:published_time\" content=\"2024-09-18T14:34:17+00:00\"> <meta property=\"article:modified_time\" content=\"2024-09-18T16:14:26+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/fbi-joint-operation-takes-down-massive-chinese-botnet-wray-says-4.jpg\"> <meta property=\"og:image:width\" content=\"2121\"> <meta property=\"og:image:height\" content=\"1414\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"mbracken\"> <meta name=\"twitter:card\" content=\"summary_large_image\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1725982252g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1725466133g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1724269863g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=ada0ad45b21fc79c6694\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/81800\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.6.2\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=81800\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Ffbi-operation-china-botnet-flax-typhoon%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Ffbi-operation-china-botnet-flax-typhoon%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"post-template-default single single-post postid-81800 single-format-standard\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/fbi-operation-china-botnet-flax-typhoon\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--event js-stickybar\">\n<div class=\"stickybar__details\" readability=\"4.952380952381\">\n<div class=\"stickybar__info js-sticky-bar-content\" readability=\"32\">\n<p>Voting is open for the 2024 CyberScoop 50 awards! <\/p>\n<\/div>\n<p> <a class=\"stickybar__link button button-tertiary\" href=\"https:\/\/cyberscoop.com\/cyberscoop50\/vote\/\">Click here!<\/a> <\/div>\n<p> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"24.778481012658\">\n<div class=\"single-article__header-content\" readability=\"31.976744186047\">\n<p> Flax Typhoon targeted critical infrastructure in the U.S. and abroad, and Black Lotus Labs researchers observed a \u201clarge scanning effort\u201d targeting U.S. military and government. <\/p>\n<\/p><\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"426\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/fbi-joint-operation-takes-down-massive-chinese-botnet-wray-says.jpg?resize=640%2C426&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/fbi-joint-operation-takes-down-massive-chinese-botnet-wray-says-4.jpg 2121w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/fbi-joint-operation-takes-down-massive-chinese-botnet-wray-says-4.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/fbi-joint-operation-takes-down-massive-chinese-botnet-wray-says-4.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/fbi-joint-operation-takes-down-massive-chinese-botnet-wray-says-4.jpg?resize=1024,683 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/fbi-joint-operation-takes-down-massive-chinese-botnet-wray-says-4.jpg?resize=1536,1024 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/fbi-joint-operation-takes-down-massive-chinese-botnet-wray-says-4.jpg?resize=2048,1365 2048w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/fbi-joint-operation-takes-down-massive-chinese-botnet-wray-says-4.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/fbi-joint-operation-takes-down-massive-chinese-botnet-wray-says-4.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/fbi-joint-operation-takes-down-massive-chinese-botnet-wray-says-4.jpg?resize=506,337 506w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/fbi-joint-operation-takes-down-massive-chinese-botnet-wray-says-4.jpg?resize=1013,675 1013w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/fbi-joint-operation-takes-down-massive-chinese-botnet-wray-says-4.jpg?resize=1265,843 1265w\" sizes=\"(max-width: 1013px) 100vw, 1013px\"><figcaption> (Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"88.465566306204\"><body readability=\"179.5252657638\"><\/p>\n<p>The FBI conducted a joint operation last week to take down a massive Chinese state-sponsored botnet that the attackers used to compromise hundreds of thousands of devices, target U.S. and overseas critical infrastructure and steal data, Director Chris Wray said Wednesday. <\/p>\n<p>The group behind the botnet, Flax Typhoon, hijacked routers and Internet of Things devices like cameras, video recorders and storage devices, Wray said at the Aspen Cyber Summit \u2014 a step beyond the much-hyped operations of fellow Chinese hackers <a href=\"https:\/\/cyberscoop.com\/tag\/volt-typhoon\/\">Volt Typhoon<\/a> that had focused on routers. The targets included corporations, media organizations, universities and government agencies.<\/p>\n<p>\u201cFlax Typhoon\u2019s actions caused real harm to its victims,\u201d he said. \u201cWorking in collaboration with our partners, we executed court-authorized operations to take control of the botnet\u2019s infrastructure.<\/p>\n<p>\u201cAnd when the bad guys realized what was happening, they tried to migrate their bots to new servers, and even conducted a DDoS attack against us,\u201d Wray continued, referring to distributed denial of service attacks. \u201cWorking with our partners, we were able to not only mitigate their attack, but also identify their new infrastructure in just a matter of hours. At that point, as we began pivoting to their new servers, these guys finally realized it was the FBI and our partners that we were up against, and with that realization, they essentially burned down their new infrastructure and abandoned their\u201d salvation efforts.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>The FBI joint operation was able to identify thousands of infected devices, he said, thus allowing it to remove malware from them, \u201cprying them from China\u2019s grip,\u201d he said.<\/p>\n<p>The people behind the attack, according to Wray, \u201crepresent themselves as an information security company, the Integrity Technology Group, but their chairman has publicly admitted that for years his company has collected intelligence and performed reconnaissance for Chinese government security agencies.\u201d<\/p>\n<p>Despite the success, Wray said \u201cit is just round one of a much longer fight.\u201d<\/p>\n<p>In a report released hours after Wray\u2019s comments, researchers with Black Lotus Labs detailed a series of campaigns carried out by the botnet \u2014 which they call Raptor Train \u2014 over the past four years, including those that targeted military, government, telecommunications and defense industry entities in the U.S. and Taiwan. <\/p>\n<p>Researchers at Black Lotus Labs, the threat research and operations arm of the U.S. telecommunications firm Lumen, said the full scope remains unclear, but some targets have been detected, including a \u201clarge scanning effort\u201d in late December 2023 targeting U.S. military (including assets located in Japan), U.S. government, IT providers and unnamed defense industry organizations.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Further activity included widespread, global targeting that included a government agency in Kazakhstan, and more targeted scanning and likely exploitation attempts against vulnerable software, including Atlassian Confluence servers and Ivanti Connect Secure appliances, the researchers said.<\/p>\n<p>The entire operation is managed through an application called \u201cSparrow\u201d that enables scalable exploitation of bot, vulnerability and exploit management, remote management of command and control infrastructure, file uploads and downloads, remote command execution and the ability to tailor distributed denial of service attacks at scale, the researchers said.<\/p>\n<p>\u201cWhile Black Lotus Labs has yet to see any DDoS attacks originating from Raptor Train, we suspect this is an ability the China-based operators preserve for future use,\u201d the researchers noted.<\/p>\n<p>The team outlined its findings in a <a href=\"https:\/\/blog.lumen.com\/derailing-the-raptor-train\">blog post<\/a> and a longer technical analysis unpacking the botnet\u2019s architecture, four overlapping campaigns, malware delivered through the botnet, and attribution and operational use.<\/p>\n<p>Also Wednesday, the National Security Agency \u2014 in <a href=\"https:\/\/media.defense.gov\/2024\/Sep\/18\/2003547016\/-1\/-1\/0\/CSA-PRC-LINKED-ACTORS-BOTNET.PDF\">a joint advisory<\/a> produced by other U.S. and allied security agencies \u2014 said the botnet consisted of over 260,000 devices as of June, with victims in North America, South America, Europe, Africa, Southeast Asia and Australia.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>\u201cWhile devices aged beyond their end-of-life dates are known to be more vulnerable to intrusion, many of the compromised devices in the Integrity Tech controlled botnet are likely still supported by their respective vendors,\u201d reads the advisory, produced alongside the FBI and Cyber National Mission Force, as well as agencies in Australia, Canada, New Zealand and the United Kingdom.<\/p>\n<p>The advisory states that Integrity Technology Group controlled the botnet with China Unicom Beijing Province Network internet protocol addresses, and used those addresses to access \u201cother operational infrastructure employed in computer intrusion activities against U.S. victims.\u201d<\/p>\n<p>The botnet relied on the Mirai family of malware, according to the advisory. The United States accounted for 126,000 of botnet devices, with the next highest number in Vietnam at 21,100.<\/p>\n<p>An Aug. 24, 2023 <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2023\/08\/24\/flax-typhoon-using-legitimate-software-to-quietly-access-taiwanese-organizations\/\">blog post by Microsoft Threat Intelligence<\/a> noted that although Microsoft did not have full visibility into Flax Typhoon\u2019s activity, the group\u2019s minimal use of malware and deft ability to rely on tools already built into target operating systems, along with benign software, helps reduce detection. <\/p>\n<p>That approach, also known as \u201c<a href=\"https:\/\/www.cisa.gov\/resources-tools\/resources\/identifying-and-mitigating-living-land-techniques\">living off the land<\/a>,\u201d has been a key facet of what U.S. officials have termed aggressive and intense Chinese-sponsored cyber activity in recent years. Alongside more typical espionage and intellectual property theft activities, officials say similar Chinese operations have increasingly burrowed into sensitive U.S. critical infrastructure networks with little to no traditional military value. <\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Instead, <a href=\"https:\/\/cyberscoop.com\/chinese-cyber-threats-fbi-operation-botnet\/\">U.S. officials allege<\/a>, this variety of Chinese activity is more likely preparatory prepositioning to disrupt key U.S., Taiwanese and other targets \u2014 civilian and government \u2014 in the event of a military confrontation. Top U.S. intelligence and cybersecurity officials have warned since early 2023 of the activity, tracked under Volt Typhoon. <\/p>\n<p>Key to Volt Typhoon activity has been its targeting of privately owned small office\/home office (SOHO) routers that are either at the end of life and not regularly updated or are difficult for owners to monitor and update. In January, the <a href=\"https:\/\/cyberscoop.com\/chinese-cyber-threats-fbi-operation-botnet\/\">U.S. Department of Justice and the FBI disrupted<\/a> the KV Botnet, which was used as part of Volt Typhoon activity and abused similar kinds of devices.<\/p>\n<p>The Chinese government has consistently denied U.S. characterizations of its cyber activity, including Volt Typhoon, alleging instead that it is a U.S. disinformation campaign designed to frame China.<\/p>\n<p><em>This story was updated Sept. 18, 2024 with details from the Black Lotus Labs report and the NSA joint advisory.<\/em><\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"0.35625\">\n<div class=\"author-card\" readability=\"7\">\n<p><h4 class=\"author-card__name\">Written by Tim Starks and AJ Vicens<\/h4>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<div class=\"popular-stories__stories\">\n<div class=\"popular-stories__cards\">\n<article class=\"post-item post-item--popular-stories-cards \" readability=\"22.066914498141\">\n<figure class=\"post-item__thumbnail\"> <a class=\"post-item__thumbnail-link\" href=\"https:\/\/cyberscoop.com\/commerce-department-investigation-chinese-wifi-router-company\/\" tabindex=\"-1\"> <img data-recalc-dims=\"1\" loading=\"lazy\" width=\"506\" height=\"337\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/fbi-joint-operation-takes-down-massive-chinese-botnet-wray-says-1.jpg?resize=506%2C337&ssl=1\" class=\"attachment-ratio-16-9-md size-ratio-16-9-md wp-post-image\" alt decoding=\"async\" loading=\"lazy\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/fbi-joint-operation-takes-down-massive-chinese-botnet-wray-says-5.jpg 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/fbi-joint-operation-takes-down-massive-chinese-botnet-wray-says-5.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/fbi-joint-operation-takes-down-massive-chinese-botnet-wray-says-5.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/fbi-joint-operation-takes-down-massive-chinese-botnet-wray-says-5.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/fbi-joint-operation-takes-down-massive-chinese-botnet-wray-says-5.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/fbi-joint-operation-takes-down-massive-chinese-botnet-wray-says-5.jpg?resize=506,337 506w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/fbi-joint-operation-takes-down-massive-chinese-botnet-wray-says-5.jpg?resize=1013,675 1013w\" sizes=\"auto, (max-width: 506px) 100vw, 506px\"> <\/a><figcaption class=\"screen-reader-text\"> A picture taken on Feb. 28, 2023, shows the logo of TP-Link, a manufacturer of computer networking products, and its app Aginet, at the Mobile World Congress, the telecom industry\u2019s biggest annual gathering, in Barcelona. (Photo by PAU BARRENA\/AFP via Getty Images) <\/figcaption><\/figure>\n<header class=\"post-item__meta\" readability=\"2\">\n<h3 class=\"post-item__title\"> <a class=\"post-item__title-link\" href=\"https:\/\/cyberscoop.com\/commerce-department-investigation-chinese-wifi-router-company\/\"> House lawmakers push Commerce Department to probe Chinese Wi-Fi router company <\/a> <\/h3>\n<p> The top representatives from the chamber\u2019s U.S.-China competition committee want an investigation into TP-Link Technologies and an assessment of its national security risks. <\/p>\n<div class=\"post-item__byline\"> <span class=\"post-item__author\"> <span>By <\/span> <a class=\"post-item__author-link\" href=\"https:\/\/cyberscoop.com\/author\/matt-bracken\/\"> Matt Bracken <\/a> <\/span> <\/div>\n<p> <\/header>\n<p> <\/article>\n<article class=\"post-item post-item--popular-stories-cards \">\n<figure class=\"post-item__thumbnail\"> <a class=\"post-item__thumbnail-link\" href=\"https:\/\/cyberscoop.com\/easterly-crowdstrike-china-volt-typhoon\/\" tabindex=\"-1\"> <img data-recalc-dims=\"1\" loading=\"lazy\" width=\"252\" height=\"168\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/fbi-joint-operation-takes-down-massive-chinese-botnet-wray-says-2.jpg?resize=252%2C168&ssl=1\" class=\"attachment-ratio-16-9-sm size-ratio-16-9-sm wp-post-image\" alt decoding=\"async\" loading=\"lazy\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/fbi-joint-operation-takes-down-massive-chinese-botnet-wray-says-6.jpg 1920w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/fbi-joint-operation-takes-down-massive-chinese-botnet-wray-says-6.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/fbi-joint-operation-takes-down-massive-chinese-botnet-wray-says-6.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/fbi-joint-operation-takes-down-massive-chinese-botnet-wray-says-6.jpg?resize=1024,683 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/fbi-joint-operation-takes-down-massive-chinese-botnet-wray-says-6.jpg?resize=1536,1024 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/fbi-joint-operation-takes-down-massive-chinese-botnet-wray-says-6.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/fbi-joint-operation-takes-down-massive-chinese-botnet-wray-says-6.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/fbi-joint-operation-takes-down-massive-chinese-botnet-wray-says-6.jpg?resize=506,337 506w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/fbi-joint-operation-takes-down-massive-chinese-botnet-wray-says-6.jpg?resize=1013,675 1013w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/fbi-joint-operation-takes-down-massive-chinese-botnet-wray-says-6.jpg?resize=1265,843 1265w\" sizes=\"auto, (max-width: 252px) 100vw, 252px\"> <\/a><figcaption class=\"screen-reader-text\"> Jen Easterly, director of the Homeland Security Department\u2019s Cybersecurity and Infrastructure Security Agency, testifies during a hearing by the House (Select) Strategic Competition Between the United States and the Chinese Communist Party Committee on Capitol Hill on January 31, 2024 in Washington, DC. (Photo by Kevin Dietsch\/Getty Images) <\/figcaption><\/figure>\n<header class=\"post-item__meta\">\n<h3 class=\"post-item__title\"> <a class=\"post-item__title-link\" href=\"https:\/\/cyberscoop.com\/easterly-crowdstrike-china-volt-typhoon\/\"> Easterly: Potential Chinese cyberattack could unfold like CrowdStrike error <\/a> <\/h3>\n<div class=\"post-item__byline\"> <span class=\"post-item__author\"> <span>By <\/span> <a class=\"post-item__author-link\" href=\"https:\/\/cyberscoop.com\/author\/aj-vicens\/\"> AJ Vicens <\/a> <\/span> <\/div>\n<p> <\/header>\n<p> <\/article>\n<article class=\"post-item post-item--popular-stories-cards \">\n<figure class=\"post-item__thumbnail\"> <a class=\"post-item__thumbnail-link\" href=\"https:\/\/cyberscoop.com\/chinese-hackers-are-increasingly-deploying-ransomware-researchers-say\/\" tabindex=\"-1\"> <img data-recalc-dims=\"1\" loading=\"lazy\" width=\"252\" height=\"168\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/fbi-joint-operation-takes-down-massive-chinese-botnet-wray-says-3.jpg?resize=252%2C168&ssl=1\" class=\"attachment-ratio-16-9-sm size-ratio-16-9-sm wp-post-image\" alt decoding=\"async\" loading=\"lazy\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/fbi-joint-operation-takes-down-massive-chinese-botnet-wray-says-7.jpg 1920w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/fbi-joint-operation-takes-down-massive-chinese-botnet-wray-says-7.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/fbi-joint-operation-takes-down-massive-chinese-botnet-wray-says-7.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/fbi-joint-operation-takes-down-massive-chinese-botnet-wray-says-7.jpg?resize=1024,683 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/fbi-joint-operation-takes-down-massive-chinese-botnet-wray-says-7.jpg?resize=1536,1024 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/fbi-joint-operation-takes-down-massive-chinese-botnet-wray-says-7.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/fbi-joint-operation-takes-down-massive-chinese-botnet-wray-says-7.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/fbi-joint-operation-takes-down-massive-chinese-botnet-wray-says-7.jpg?resize=506,337 506w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/fbi-joint-operation-takes-down-massive-chinese-botnet-wray-says-7.jpg?resize=1013,675 1013w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/fbi-joint-operation-takes-down-massive-chinese-botnet-wray-says-7.jpg?resize=1265,843 1265w\" sizes=\"auto, (max-width: 252px) 100vw, 252px\"> <\/a><figcaption class=\"screen-reader-text\"> Members of the People\u2019s Liberation Army flag honour guard march in Tiananmen Square after the closing session of the NPC, or National People\u2019s Congress at the Great Hall of the People on March 11, 2024 in Beijing, China. (Photo by Kevin Frayer\/Getty Images) <\/figcaption><\/figure>\n<header class=\"post-item__meta\">\n<h3 class=\"post-item__title\"> <a class=\"post-item__title-link\" href=\"https:\/\/cyberscoop.com\/chinese-hackers-are-increasingly-deploying-ransomware-researchers-say\/\"> Chinese hackers are increasingly deploying ransomware, researchers say <\/a> <\/h3>\n<div class=\"post-item__byline\"> <span class=\"post-item__author\"> <span>By <\/span> <a class=\"post-item__author-link\" href=\"https:\/\/cyberscoop.com\/author\/aj-vicens\/\"> AJ Vicens <\/a> <\/span> <\/div>\n<p> <\/header>\n<p> <\/article>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Geopolitics<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/fbi-operation-china-botnet-flax-typhoon\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>FBI joint operation takes down massive Chinese botnet, Wray says<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[2707,2080,271,413,174,2708,1690,288,1498],"tags":[2709,2082,277,415,178,2710,1692,294,1499],"class_list":["post-5356","post","type-post","status-publish","format-standard","hentry","category-black-lotus-labs","category-botnets","category-china","category-critical-infrastructure","category-ddos","category-flax-typhoon","category-internet-of-things-iot","category-threats","category-volt-typhoon","tag-black-lotus-labs","tag-botnets","tag-china","tag-critical-infrastructure","tag-ddos","tag-flax-typhoon","tag-internet-of-things-iot","tag-threats","tag-volt-typhoon"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/black-lotus-labs\/\" rel=\"category tag\">Black Lotus Labs<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/botnets\/\" rel=\"category tag\">botnets<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/china\/\" rel=\"category tag\">China<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/critical-infrastructure\/\" rel=\"category tag\">critical infrastructure<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/ddos\/\" rel=\"category tag\">DDoS<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/flax-typhoon\/\" rel=\"category tag\">Flax Typhoon<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/internet-of-things-iot\/\" rel=\"category tag\">Internet of Things (IoT)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/threats\/\" rel=\"category tag\">Threats<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/volt-typhoon\/\" rel=\"category tag\">Volt Typhoon<\/a>","tag_info":"Volt Typhoon","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/5356","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=5356"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/5356\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=5356"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=5356"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=5356"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":5356,"date":"2024-09-18T09:34:17","date_gmt":"2024-09-18T14:34:17","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=81800"},"modified":"2024-09-18T09:34:17","modified_gmt":"2024-09-18T14:34:17","slug":"fbi-joint-operation-takes-down-massive-chinese-botnet-wray-says","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2024\/09\/18\/fbi-joint-operation-takes-down-massive-chinese-botnet-wray-says\/","title":{"rendered":"FBI joint operation takes down massive Chinese botnet, Wray says"},"content":{"rendered":"