FBI Disrupted China-Backed Operation That Hacked 260,000 Consumer Devices

The FBI disrupted a global Chinese hacking operation that infected more than 260,000 personal devices in the United States and around the world, the U.S. Justice Department said.

The hacking operation was carried out by a Chinese-backed group working for the Beijing-based Integrity Technology Group, known as "Flax Typhoon," which infected devices like routers, cameras and storage devices with a variant of malware that connected them to a network of connected devices, or botnet.

About half of the devices were in the U.S.

Flax Typhoon, active since 2021, targeted government agencies and education, critical manufacturing, and information technology organizations in Taiwan, Southeast Asia, Africa and North America.

A California company reported a "computer intrusion" in September 2023 and provided the FBI with a list of IP addresses "assigned to servers used to commit the computer intrusion," court documents say.

The federal agency was able to track the servers to IP addresses accessed by Chinese companies.

"Ultimately, as part of this operation, we were able to identify thousands of infected devices, and, then, with court authorization, issued commands to remove the malware from them, prying them from China's grip," FBI Director Christopher Wray said at the 2024 Aspen Cyber Security Summit in Washington, D.C., on Wednesday.

The Justice Department statement said cyber security officials in Australia, Canada, New Zealand and the United Kingdom also accused Flax Typhoon of being behind the hacking scheme.

The Chinese Embassy in Washington, D.C., accused the U.S. of having "jumped to an unwarranted conclusion and made groundless accusations against China," Reuters reported.