Justice Department disrupts vast Chinese hacking operation that infected consumer devices

WASHINGTON — The FBI has disrupted a group of hackers working at the direction of the Chinese government who targeted universities, government agencies and other organizations, Director Chris Wray said Wednesday.

The hacking campaign known as Flax Typhoon installed malicious software on more than 200,000 consumer devices, including cameras, video recorders and home and office routers, to create a massive botnet — a network of infected computers. The botnet was used to facilitate cyber crimes, such as the theft of sensitive information from victims’ networks.

“Flax Typhoon’s actions caused real harm to its victims, who had to devote precious time to clean up the mess when they discovered the malware,” Wray said at the Aspen Cyber Summit.

Speaking at the same conference, Deputy Attorney General Lisa Monaco said the average citizen should care because the case involves “criminal activity, disruptive activity going on in potentially their devices. And, and it is part of a broader ecosystem that malicious cyber actors are using.”

The FBI and Justice Department, which obtained a warrant to seize the botnet’s infrastructure, did not identify any of the targets by name but said they included universities, government agencies, telecommunications providers, media organizations and nongovernmental organizations. Half of the hijacked devices were located in the U.S., Wray said.

“This was another successful disruption, but make no mistake — it’s just one round in a much longer fight,” Wray said. “The Chinese government is going to continue to target your organizations and our critical infrastructure, either by their own hand or concealed through their proxies, and we’ll continue to work with our partners to identify their malicious activity, disrupt their hacking campaigns, and bring them to light.”

Flax Typhoon was described in a Microsoft report in August 2023 that said the group had stepped up its targeting of Taiwanese organizations as well as government agencies in other countries.

The disruption was revealed nine months after Wray disclosed to Congress a separate takedown of a Chinese state-sponsored hacking group known as Volt Typhoon, in which U.S.-based small office and home routers owned by private citizens and companies were hijacked by hackers to cover their tracks as they sowed the malware. Their ultimate targets included water treatment plants, the electrical grid and transportation systems across the U.S.