People’s Republic of China-Linked Actors Compromise Routers and IoT Devices for Botnet Operations

The FBI, Cyber National Mission Force (CNMF), and National Security Agency (NSA) have identified a botnet linked to the People’s Republic of China (PRC) that has compromised thousands of internet-connected devices, including routers, firewalls, network-attached storage (NAS), and IoT devices. The botnet is managed by Integrity Technology Group, a PRC-based company; it consisted of over 260,000 devices as of June 2024 and is active globally. The compromised devices are being used for malicious activities, including DDoS attacks and targeting U.S. networks. The recent report underscores the vulnerability of older devices, although many affected devices remain vendor-supported. It aims to raise awareness of this cyber threat and to provide guidance that network defenders can use to mitigate risks. The FBI has linked this botnet to PRC-based groups using IP addresses from China Unicom, emphasizing the urgent need for cybersecurity firms and device operators to act on this information to combat botnet activities worldwide.