Briefing

Hack attack

Australia accuses Chinese hackers of hijacking routers and IoT devices

The news: Australia has joined its other Five Eyes partners in attributing to Chinese hackers a wave of cyber attacks that compromised thousands of internet-connected devices.

The context: The United States-led attribution accuses the hackers of compromising internet routers, network-attached storage and Internet of Things (IoT) devices to create a “botnet”.

The botnet — a network of hijacked devices — has been managed by a China-based company called Integrity Technology Group and been active since mid-2021.

The joint attribution, which was published overnight on the website of the nation's cyber spy agency, the Australian Signals Directorate, urges operators of exposed devices to urgently update their devices to prevent further hacks.

As of June 2024, the botnet consisted of over 260,000 devices, which have been observed in North America, South America, Europe, Africa, Southeast Asia and Australia.

The botnet uses the Mirai family of malware, designed to hijack internet-connected devices such as webcams, DVRs, IP cameras, and routers running Linux-based operating systems. The Mirai source code was posted publicly on the Internet in 2016, resulting in other hackers creating their own botnets based on the malware.

Five Eyes is an intelligence alliance comprising Australia, Canada, New Zealand, the UK and the US.

What they said: “FBI, CNMF, NSA, and allied partners are releasing this Joint Cyber Security Advisory to highlight the threat posed by these actors and their botnet activity and to encourage exposed device vendors, owners, and operators to update and secure their devices from being compromised and joining the botnet,” the attribution reads.

“Network defenders are advised to follow the guidance in the mitigations section to protect against the PRC [People's Republic of China]-linked cyber actors' botnet activity. Cyber security companies can also leverage the information in this advisory to assist with identifying malicious activity and reducing the number of devices present in botnets worldwide.

“Integrity Technology Group (Integrity Tech) is a company based in the PRC with links to the PRC government. Integrity Tech has used China Unicom Beijing Province Network IP addresses to control and manage the botnet described in this advisory.

“In addition to managing the botnet, these same China Unicom Beijing Province Network IP addresses were used to access other operational infrastructure employed in computer intrusion activities against US victims.

“FBI has engaged with multiple US victims of these computer intrusions and found activity consistent with the tactics, techniques, and infrastructure associated with the cyber threat group known publicly as Flax Typhoon, RedJuliett, and Ethereal Panda.”

By Anthony Galloway