FBI disrupts Chinese cyber operation targeting critical infrastructure in the US
FBI Director Chris Wray says the FBI has disrupted a group of Chinese hackers who were working at the direction of the Chinese government to infiltrate critical infrastructure in the U.S. and other countries and to steal data from universities and government agencies.
The FBI has disrupted a group of Chinese hackers who were working at the direction of the Chinese government to infiltrate critical infrastructure in the U.S. and other countries and to spy on and steal data from universities, government agencies and others, Director Chris Wray said Wednesday.
The hacking campaign known as Flax Typhoon installed malicious software on thousands of internet-connected devices, including cameras, video recorders, and home and office routers, to create a massive botnet — a network of infected computers.
“Flax Typhoon’s actions caused real harm to its victims, who had to devote precious time to clean up the mess when they discovered the malware,” Wray said at the Aspen Cyber Summit.
The FBI and Justice Department, which obtained a warrant to seize the botnet's infrastructure, did not identify any of the targets by name but said they included universities, government agencies, telecommunications providers, media organizations and nongovernmental organizations. Half of the hijacked devices were located in the U.S., Wray said.
“This was another successful disruption, but make no mistake — it’s just one round in a much longer fight,” Wray said. “The Chinese government is going to continue to target your organizations and our critical infrastructure, either by their own hand or concealed through their proxies, and we’ll continue to work with our partners to identify their malicious activity, disrupt their hacking campaigns, and bring them to light.”
Flax Typhoon was described in a Microsoft report in August 2023 that said the group had stepped up its targeting of Taiwanese organizations as well as government agencies in other countries.
The disruption was revealed nine months after Wray disclosed to Congress a separate takedown of a Chinese state-sponsored hacking group known as Volt Typhoon, in which U.S.-based small office and home routers owned by private citizens and companies were hijacked by hackers to cover their tracks as they sowed the malware. Their ultimate targets included water treatment plants, the electrical grid and transportation systems across the U.S.