Federal security officials disrupted China-sponsored hackers who were breaching American defenses and gaining access to people’s cameras and other internet-connected devices, FBI Director Christopher A. Wray said Wednesday.
Mr. Wray said the Flax Typhoon hacking group masqueraded as an information security company while collecting intelligence and conducting reconnaissance for the Chinese government.
Mr. Wray said at the Aspen Cyber Summit in Washington that the hackers targeted media organizations, universities, government agencies and others.
“Flax Typhoon hijacked Internet of Things devices like cameras, video recorders and storage devices,” Mr. Wray said, “things typically found across both big and small organizations, and about half of those hijacked devices were located here in the U.S.”
He said cybersecurity officials took action last week to stop Flax Typhoon, similar to efforts aimed at China’s Volt Typhoon, which government agencies said sought to pre-position in American systems for sabotage.
Where Volt Typhoon targeted routers, Flax Typhoon compromised a broader range of devices, Mr. Wray said.
More than 260,000 devices were compromised for a botnet operated by Flax Typhoon, according to an advisory from the National Security Agency, U.S. Cyber Command, the FBI and allied nations’ agencies. About 126,000 American devices were part of the botnet.
The Justice Department said Wednesday that it had obtained approval from the U.S. District Court for the Western District of Pennsylvania to take control of the hackers’ computing infrastructure and disable commands sent to the infected devices.
“The Justice Department is zeroing in on the Chinese-government-backed hacking groups that target the devices of innocent Americans and pose a serious threat to our national security,” Attorney General Merrick Garland said in a statement. “As we did earlier this year, the Justice Department has again destroyed a botnet used by [People’s Republic of China]-backed hackers to infiltrate consumer devices here in the United States and around the world.”
Unsealed court documents indicate that federal officials began closer investigations of Flax Typhoon in September 2023 in response to a California company’s alert to the FBI of a breach.
Mr. Wray told the Aspen summit that the unidentified California organization “suffered an all-hands-on-deck cybersecurity incident” that caused its information technology workers to spend long hours stopping threats and replacing hardware.
The FBI director praised federal cybersecurity officials’ actions against the Chinese hackers.
“I view this as another successful disruption, but make no mistake: It is just one round in a much longer fight,” Mr. Wray said. “The Chinese government is going to continue to target your organizations and our critical infrastructure, either by their own hand or concealed through their proxies. And we’re going to continue to work with our partners to identify their malicious activity, disrupt their hacking campaigns and bring them to light.”
The NSA recommended that internet users regularly update their systems, change default passwords, replace outdated equipment, and monitor their networks for high traffic volumes, among other things, to guard against Chinese hackers.