- Morning Brief
- Posts
- China-Backed Group Hacked Over 9,000 Devices in Canada as Part of Global Operation, FBI Says
China-Backed Group Hacked Over 9,000 Devices in Canada as Part of Global Operation, FBI Says
A map of China is seen through a magnifying glass on a computer screen showing binary digits in this file photo. Edgar Su/File Photo/Reuters
Over 9,000 consumer devices in Canada have been compromised by a Beijing-backed hacker group that installed malicious software on hundreds of thousands home and office internet-connected devices worldwide, an assessment done by U.S. authorities has found.
The hacker group called “Flax Typhoon” has controlled and managed a large network of compromised devices—a botnet—that’s been active since mid-2021, says a Sept. 18 “Joint Cybersecurity Advisory“ issued by the FBI and two other U.S. national security agencies along with partner agencies in Canada, Australia, New Zealand, and the UK.
The devices, such as routers, digital video recorders, internet protocol cameras, and network-attached storage devices, are infected with a type of malware that allows the hackers to have unauthorized remote access and to carry out cyber crimes. Using the botnet as a proxy, they are able to conceal their identities during cyberattacks and other malicious activities.
“As of June 2024, the botnet consisted of over 260,000 devices. Victim devices which are part of the botnet have been observed in North America, South America, Europe, Africa, Southeast Asia and Australia,” the advisory stated.
The advisory said approximately 9,200 of those devices are based in Canada, accounting for just 3.5 percent of the total. The United States was hit hardest, with 126,000 affected devices, representing 47.9 percent of the total, far surpassing the next most impacted country, Vietnam, with 21,100 compromised devices.
The Epoch Times reached out to the Canadian Security Intelligence Service and Communications Security Establishment Canada for comment but did not hear back immediately.
The hackers of Flax Typhoon, backed by the People’s Republic of China (PRC), work for a Beijing-based publicly traded company called Integrity Technology Group that has several Chinese state-owned enterprises as key stakeholders.
The company has developed an online application that allows its customers to “log in and control specified infected victim devices,” according to court documents unsealed in the Western District of Pennsylvania, which detail the investigation of the botnet by an unnamed FBI special agent.
Botnets Disrupted
Citing the unsealed court documents, the U.S. Justice Department on Sept. 18 announced that a court-authorized law enforcement operation had disrupted the worldwide botnet.
The department said the Flax Typhoon hackers tried to interfere with the FBI-led international operation via a distributed denial-of-service attack, a cyberattack that floods a website or server with excessive traffic to make it function poorly or be knocked offline completely.
The attack targeted infrastructure the FBI was using to carry out the court’s orders but ultimately failed to stop the FBI from disrupting the botnet.
“The Justice Department is zeroing in on the Chinese government backed hacking groups that target the devices of innocent Americans and pose a serious threat to our national security,” U.S. Attorney General Merrick B. Garland said in a Sept. 18 press release.
“As we did earlier this year, the Justice Department has again destroyed a botnet used by PRC-backed hackers to infiltrate consumer devices here in the United States and around the world. We will continue to aggressively counter the threat that China’s state- sponsored hacking groups pose to the American people.”
In late January, U.S. authorities had announced an earlier court-authorized operation that disrupted another Chinese state-backed botnet run by a hacker group known as “Volt Typhoon,” which infected hundreds of U.S.-based routers in small offices and home offices.
FBI Director Christopher Wray condemned Beijing for “targeting American civilian critical infrastructure and pre-positioning to cause real-world harm to American citizens and communities in the event of conflict.”
“Volt Typhoon malware enabled China to hide as they targeted our communications, energy, transportation, and water sectors. Their pre-positioning constitutes a potential real-world threat to our physical safety that the FBI is not going to tolerate. We are going to continue to work with our partners to hit the PRC hard and early whenever we see them threaten Americans,” he said in the Jan. 31 press release.
Chinese cyberattacks against Canada are a key focus of ongoing investigations by a parliamentary committee as well as the current public inquiry into foreign interference. These investigations are examining a 2021 incident involving another Chinese hacker group, known as Advanced Persistent Threat Group 31 (APT31), which targeted members of an international legislative coalition including 18 Canadian parliamentarians.
Luke de Pulford, executive director of the global coalition Inter-Parliamentary Alliance on China (IPAC), testified before the House of Commons Standing Committee on Procedure and House Affairs on the matter on Sept. 26.
He told the committee of the possibility that APT31 hackers obtained the IPAC email distribution list through IPAC volunteer Andy Li. Li, a computer programmer, played a key role in a crowdfunding campaign to rally support for the 2019 pro-democracy movement in Hong Kong. He was later arrested while attempting to flee to Taiwan by speedboat, and reportedly faced torture while imprisoned in China.