Wu Ming — 1 year ago(September 25, 2024 09:38 AM)

Around 1.2 million IoT devices were part of a botnet worldwide.
The FBI has now shut it down.
Image created with AI in Bing Designer.
According to the Department of Justice, US prosecutors have shut down the IoT botnet dubbed
"Raptor Train"
based on a court order. Michael Horka, Senior Lead Information Security Engineer at Black Lotus Labs, explained that all IP traffic to the command and control servers (C2), payload servers and the rest of the botnet infrastructure are routed via zero routing, let it run empty.
The FBI took over parts of the infrastructure and instructed the bots to switch off.
Black Lotus Labs is part of the IT security provider Lumen Technologies and first brought
Raptor Train
to the attention of prosecutors in mid-2023. Lumen Technologies described the structure of the botnet in detail.
Raptor Train: Chinese-controlled Botnet
​
According to the FBI, the botnet was operated by a Chinese company called Integrity Technology Group (Integrity Tech), which authorities allege has ties to the Chinese government.
Companies like Microsoft and Crowdstrike refer to the state hacking force as
"Flax Typhoon"
.
In June
Integrity Tech
controlled more than 260,000 routers, web cams and NAS devices around the world.
Affected manufacturers include Asus, DrayTek, Hikvision, Microtik, Mobotix, Qnap, Synology, TP-Link, Ruckus Wireless and Zyxel. According to Michael Horka, who presented the
Raptor Train
at the Labscon 2024 security conference, no Zero-Day-Exploits were used to infect the devices. But the infrastructure is designed for this.
The prosecutors list all of the vulnerabilities exploited by
Raptor Train
.
Many of the affected devices are still provided with security updates by the manufacturers.
….
….
https://www.heise.de/news/Heim-Router-Webcams-NAS-Geraete-Riesiges-IoT-Botnet-vom-FBI-abgeschaltet-9939939.html
September 23, 2024
Edit to add
Bravo, FBI!
Serious meant, no irony.