Chinese-controlled Botnet Exposed by Five Eyes
Botnets are networks of compromised devices used by attackers to perform malicious activities without the owners' knowledge. Recently, cyber agencies from the Five Eyes alliance—comprising the United States, United Kingdom, Canada, Australia, and New Zealand—uncovered a vast Chinese-controlled botnet. This botnet comprises tens of thousands of unpatched Internet-connected devices such as firewalls, routers, and surveillance cameras.
The Scale of the Threat
The report issued by the Five Eyes alliance highlights how the Integrity Technology Group (Integrity Tech), linked to the Chinese government, has compromised devices across multiple continents, including North and South America, Europe, Africa, Southeast Asia, and Australia. The compromised devices range from those made by well-known manufacturers like Cisco and Fortinet, to software applications from Microsoft and Apache.
Why Devices are Vulnerable
Many devices in this botnet have been compromised due to unpatched vulnerabilities. Some of these devices stopped receiving security updates as far back as 2011. Despite being old, many of these devices are still operational and being exploited, which underscores the importance of timely software updates.
Expert Recommendations
David Shipley, from Beauceron Security, suggests following the European Union's Cyber Resilience Act, which requires manufacturers to ensure security patches for Internet-connected products. He emphasizes the need for automatic patching and alerts for devices reaching their end-of-life.
The US's Legal Action
In response, the US obtained a court order to dismantle this botnet, marking a significant step in disrupting such malicious networks. Previously, similar actions were taken against other botnets, like the 911 S5, affecting computers globally.
Mitigation Strategies
The FBI advises implementing several security measures to protect against botnets:
- Replace old equipment with supported models.
- Regularly apply updates and patches.
- Disable unnecessary services and ports on devices.
- Use network segmentation to limit risks.
- Monitor for unusual network traffic.
- Change default passwords to strong ones.
- Plan for regular device reboots to remove certain malware types.
Botnets continue to be a significant threat, emphasizing the need for robust cybersecurity practices. Keeping devices updated and monitoring them closely can help mitigate risks associated with such cyber threats.
