A joint alert from the FBI, Cyber National Mission Force (CNMF), and NSA reveals that hackers linked to China have hijacked thousands of internet-connected devices worldwide to create a huge botnet. This botnet includes home and office routers, firewalls, network storage devices (NAS), and IoT gadgets, all used to carry out harmful online activities.
弗兰肯斯坦, which means Frankenstein
The hackers, connected to a Chinese company called Integrity Technology Group, have been running the botnet since 2021. By mid-2024, it had infected more than 260,000 devices. They targeted popular devices from brands like Zyxel, Fortinet, and QNAP, exploiting known security flaws. Once compromised, the devices were infected with a modified version of Mirai malware, allowing the hackers to control them remotely and use them for DDoS attacks and other malicious purposes.
Ravaging Worldwide
This botnet isn’t limited to one region—it has spread across multiple continents. The United States is the hardest hit, with nearly 48% of the compromised devices. Other countries affected include Vietnam, Germany, South Africa, and even China itself. Here’s a quick look at the top affected nations:
| Country | Infected Devices | Percentage of Total |
|---|---|---|
| United States | 126,000 | 47.9% |
| Vietnam | 21,100 | 8.0% |
| Germany | 18,900 | 7.2% |
| Romania | 9,600 | 3.7% |
| Hong Kong | 9,400 | 3.6% |
| Canada | 9,200 | 3.5% |
| South Africa | 9,000 | 3.4% |
Jacker Sparrow
The hackers manage the botnet using a system of command-and-control (C2) servers. These servers, some traced to China Unicom Beijing, communicate with the infected devices through a management app called “Sparrow.” This lets the hackers send instructions to the compromised devices, turning them into tools for cyberattacks. They also use a MySQL database to store information about the infected devices, allowing them to keep track of their growing network.
Twirl the monster’s spark plugs
The alert emphasizes how important it is to secure your devices to avoid being part of this botnet. Here’s what network administrators and device owners should do to protect themselves:
Turn off unused services and ports: This closes entry points that hackers can exploit.
Use network segmentation: Keep different parts of your network separate to limit the impact of a breach.
Monitor network traffic: Watch for unusual spikes in data use, which could signal a device is compromised.
Install updates and patches: Make sure your devices have the latest security fixes to guard against attacks.
Use strong passwords: Change default passwords to something unique and secure for every device.