OTTAWA – China-backed cyber criminals hijacked nearly 10,000 devices in Canada and used them to hack government, university and critical infrastructure networks and steal confidential data, according to the FBI.

Last week, the U.S. government revealed that it had “destroyed” a network run by a hacker group that infected hundreds of thousands of devices around the world and then used them to steal sensitive data.

According to the FBI, a group of hackers called Flax Typhoon, “working at the direction of the Chinese government,” operated a “botnet” that gave them control of over 260,000 malware-infected devices in nearly 20 countries. The criminals then used the devices to hack into systems, all the while making their activity appear to be regular internet traffic.

Through a U.S. court-approved operation on Sept. 18, the FBI says it hacked into Flax Typhoon’s computers, took control of their botnet and remotely disabled the malware used to control the infected devices.

A spokesperson for the Canadian Security and Intelligence Service (CSIS) confirmed that at least 9,200 of the infected devices — such as routers and internet-connected storage devices, cameras and video recorders — were based in Canada.

“In cooperation with foreign and domestic partners, CSIS worked to mitigate the threat posed by the botnet, which we assess remains disrupted,” spokesperson John Townsend said in an email.

“While the number of devices that form part of a botnet is constantly evolving, all implicated devices are considered victims, including the 9,200 Canadian-based compromised devices in this particular botnet,” he added.

During a speech last week, FBI Director Christopher Wray said Flax Typhoon masqueraded publicly as an information security company called Integrity Technology Group.

Wray noted that the company’s chairman “has publicly admitted that for years his company has collected intelligence and performed reconnaissance for Chinese government security agencies.”

“Flax Typhoon was targeting critical infrastructure across the U.S. and overseas, everyone from corporations and media organizations to universities and government agencies,” he told attendees of the Aspen Cyber Summit.

Wray said despite the successful takedown of Flax Typhoon’s network of bots, the Chinese group had managed to inflict “real harm” to victims between the launch of the botnet in 2021 and when it was “disrupted” earlier this month.

“One organization in California, for instance, suffered an all-hands-on-deck cybersecurity incident, and IT staff needed to work long hours to remediate the threats and replace hardware — all of which took swaths of the organization offline and caused a significant financial loss,” he explained.

Neither CSIS nor the Communications Security Establishment (CSE), Canada’s cyber-defence agency, said whether Canadian organizations or data were compromised by Flax Typhoon.

During his speech, the FBI director warned that there was still a “much longer fight” ahead with the People’s Republic of China.

“The Chinese government is going to continue to target your organizations and our critical infrastructure — either by their own hand or concealed through their proxies,” he said.

His comments were echoed on Thursday by top officials at CSE testifying at the Canadian Public Inquiry into Foreign Interference. Canadian intelligence agencies have increasingly warned of the growing threat posed by China against Canadian individuals and organizations.

CSE head Caroline Xavier told the inquiry that Beijing is not just a “sophisticated” threat actor, but also “a persistent actor, a patient actor, an actor that has become a bit more assertive within the last few years.”

The head of CSE’s signals intelligence, Alia Tayyeb, said that the Chinese government and its proxies are using a growing range of “foreign interference tools” to monitor critics, infiltrate government networks and generally advance its domestic and foreign policy objectives.

She also pointed to a growing strategy of “hack and leak.”

“In addition to the cyber threats, I would say we’ve seen increased use of social media campaigns” as well as a growing interest by Beijing for “big data collection.”

One of the ways it’s suspected of doing the latter is through applications like TikTok, owned by Chinese company ByteDance. CSIS and the U.S. believe that the popular social media app offers a backdoor to the Chinese government to access user data across the world.

National Post