The FBI has disrupted a second major Chinese hacking group, dubbed "Flax Typhoon," seizing control of thousands of compromised devices, according to FBI Director Christopher Wray.
During a speech at a cybersecurity conference in Washington, Wray revealed that Flax Typhoon, operated by a Chinese firm called the Integrity Technology Group, posed as an IT company while secretly gathering intelligence for Chinese government agencies.
Flax Typhoon's malicious activities were exposed through a joint advisory from British, Canadian, Australian, and New Zealand cyber officials. As of June, the group had infiltrated over 250,000 devices worldwide, using a vast network of compromised devices, or botnet, to conduct its operations.
The Chinese Embassy in Washington denied the accusations, calling them "unwarranted" and asserting that Beijing actively combats all forms of cyberattacks.
Flax Typhoon's tactics are reminiscent of a previously identified hacking group, "Volt Typhoon," which has been accused of targeting U.S. critical infrastructure. Like its predecessor, Flax Typhoon also focused on essential sectors, including corporations, universities, media organisations, and government agencies.
Director Wray noted that Flax Typhoon used botnets composed of hijacked devices such as cameras and digital storage systems to mask its operations. When the FBI moved to take control of the botnet, the hackers retaliated with a cyberattack before ultimately retreating.
Despite this success, Wray cautioned that the FBI’s battle with Chinese-backed cyber actors is far from over. “The action against Flax Typhoon was just one round in a much longer fight,” he said, promising continued efforts to neutralise China’s cyber operations.