FBI: Huge China-Linked Attack Campaign Compromised 260,000 Devices
The massive campaign targeted U.S. networks by compromising devices including routers and firewalls, according to an advisory from the FBI and other agencies.
A massive cyberattack campaign linked to China targeted U.S. networks by compromising devices including routers and firewalls, according to an advisory Wednesday from the FBI and other federal agencies.
The advisory from the FBI, NSA and Cyber National Mission Force (CNMF) said the campaign, attributed to the China-based company Integrity Technology Group, has been disrupted. The attackers had compromised more than 260,000 devices as of June and had controlled a network of infected devices as far back as mid-2021, according to the agencies.
Internet-connected devices targeted in the attacks included small office/home office (SOHO) routers as well as firewalls, network-attached storage and IoT devices, the agencies said.
Together, the devices formed a botnet, a network of malware-infected devices that the threat actors aimed to use for launching attacks against victims in North America, Europe, Asia and other regions, according to the advisory.
“The actors may then use the botnet as a proxy to conceal their identities while deploying distributed denial of service (DDoS) attacks or compromising targeted U.S. networks,” the agencies said.
The attackers exploited vulnerabilities in devices from numerous network security vendors, according to the advisory.
“While devices aged beyond their end-of-life dates are known to be more vulnerable to intrusion, many of the compromised devices in the Integrity Tech-controlled botnet are likely still supported by their respective vendors,” the agencies said.
The advisory noted that 48 percent of infected devices were based in the U.S., followed by 8 percent in Vietnam and 7 percent in Germany.
The FBI provided guidance for mitigating threats such as the China-linked botnet campaign, including disabling unused ports and services, deploying network segmentation, monitoring for high traffic volumes on the network and applying patches.