In September 2024 the US Department of Justice (DOJ) announced the disruption of a large botnet operated by Integrity Technology Group, a Chinese company that the DOJ says worked on behalf of the People's Republic of China (PRC) government.
A botnet is a network of compromised devices that attackers control remotely and use to launch distributed denial-of-service (DDoS) attacks, proxy further attacks, or steal data. This botnet infected more than 260,000 devices worldwide, including:
- Internet of Things (IoT) devices
- Small office/home office (SOHO) network devices
- Firewalls
- Network-attached storage (NAS) devices
The botnet targeted devices running outdated firmware, exploiting known, already-patched vulnerabilities in products from several vendors, including Fortinet, QNAP, Ivanti, DrayTek, Netgear, and older Telstra Smart Modem Gen 2 units.
Although no DDoS attacks are known to have originated from this botnet, it was capable of launching them and of serving as a foothold into targeted networks. Lumen's Black Lotus Labs observed activity targeting military, education, defense, and government entities in both Taiwan and the US.
The FBI took control of the botnet's command-and-control (C2) infrastructure and used it to send commands that disabled the malware on infected devices. According to the DOJ, this did not affect the devices' normal functionality, and no content from them was collected. Removing the malware did not, however, fix the underlying vulnerabilities: a device that remains unpatched can be compromised again by the same or a different operator.
Recommendations:
- Apply firmware updates promptly; this botnet relied on flaws for which fixes already existed.
- Replace devices that no longer receive security updates from their manufacturer, since they will never be patched against known flaws.
- Segment your network so that IoT, SOHO, and NAS devices sit on their own VLAN and cannot initiate connections to workstations, servers, or management interfaces; a compromised device then cannot be used as a foothold into the rest of the network.
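As an added illustration of the segmentation recommendation (an example written for this page, not a configuration published by the DOJ, FBI, or Lumen), the following nftables ruleset for a Linux router assumes three interfaces named lan0 (workstations and servers), iot0 (IoT, SOHO, and NAS devices), and wan0 (internet uplink); the interface names and the choice of SSH as the management service are assumptions. It lets the IoT segment reach the internet and lets the LAN initiate connections to devices on the IoT segment, but drops and logs anything the IoT segment tries to initiate toward the LAN or toward the router's own management port.

```nft
#!/usr/sbin/nft -f
# Added example: isolate an IoT/SOHO/NAS VLAN on a Linux router.
# Interface names lan0, iot0 and wan0 are assumptions for this example.
flush ruleset

table inet segmentation {
    chain forward {
        type filter hook forward priority 0; policy drop;

        # Replies to connections that were allowed by a rule below.
        ct state established,related accept
        ct state invalid drop

        # LAN may initiate connections to IoT/NAS devices (e.g. to manage them).
        iifname "lan0" oifname "iot0" accept

        # IoT devices may reach the internet for updates and cloud services.
        iifname "iot0" oifname "wan0" accept

        # LAN may reach the internet.
        iifname "lan0" oifname "wan0" accept

        # A compromised IoT device must not be able to pivot into the LAN.
        # The default policy already drops this; the explicit rule adds a log line.
        iifname "iot0" oifname "lan0" log prefix "iot-to-lan blocked: " drop
    }

    chain input {
        type filter hook input priority 0; policy drop;

        ct state established,related accept
        iifname "lo" accept

        # Router management (SSH, assumed) only from the LAN, never from IoT or WAN.
        iifname "lan0" tcp dport 22 accept

        # IoT devices still need DHCP and DNS from the router.
        iifname "iot0" udp dport { 67, 53 } accept
        iifname "iot0" tcp dport 53 accept

        # Log management attempts coming from the IoT segment.
        iifname "iot0" tcp dport 22 log prefix "iot mgmt attempt: " drop
    }
}
```

Load it with `nft -f` on the router. The `policy drop` on both chains is what actually enforces the isolation; the explicit `log ... drop` rules only exist so that a device probing the LAN or the management port shows up in the kernel log, which is a useful early indicator that something on the IoT segment has been compromised. Segmentation only helps if the IoT, SOHO, and NAS devices really are placed on that VLAN (switch port or Wi-Fi SSID assignment), so check device placement as part of the same exercise.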
This disruption is one round in an ongoing contest with state-linked cyber operations, and a reminder that keeping edge devices patched and isolated matters for individuals and organisations alike.