FBI Warns of China-Linked Raptor Train Botnet Attack

Meta Llama

A joint cybersecurity advisory from the Federal Bureau of Investigation, Cyber National Mission Force, and National Security Agency exposes new activity from the Flax Typhoon threat actor. The group has compromised more than 260,000 Small Office/Home Office routers, firewalls, Network-attached Storage, and Internet of Things devices to create a botnet capable of launching Distributed Denial of Service attacks or targeted attacks aimed at U.S. networks.

Flax Typhoon, also known as RedJuliett and Ethereal Panda, is a China-based threat actor active since at least mid-2021. The group has targeted Taiwan-based organizations as well as other victims in Southeast Asia, North America, and Africa for cyberespionage purposes. According to the FBI’s joint advisory, the group stands behind a China-based company called Integrity Tech, which has ties to the Chinese government.

Botnet Details

The botnet, known as Raptor Train, has been tracked by Black Lotus Labs, the threat intelligence team from cybersecurity company Lumen, for four years. Affected devices have been compromised by a variant of the infamous Mirai malware family. The malware automates the compromise of various devices by exploiting known vulnerabilities. Once compromised, the device sends system and network information to an attacker-controlled C2 server.

Recommendations from the FBI

The FBI recommends the following actions be taken promptly:

  • Disable unused services and ports on routers and IoT devices.
  • Implement network segmentation to ensure IoT devices do not pose a higher risk of compromise.
  • Monitor for high volumes of network traffic.
  • Deploy patches and updates for all operating systems, software, and firmware.
  • Replace devices’ default passwords with stronger ones.

The federal agency also suggested that businesses plan for device reboots and replace end-of-life equipment with supported equipment.
