Business Honor
19 September, 2024
Chinese state-sponsored botnet targets SOHO and IoT devices, with U.S. as a major victim.
The "Raptor Train" botnet, an advanced network made up of over 200,000 hijacked IoT and small office/home office (SOHO) devices, has been made public by cybersecurity researchers. The botnet, which has been active since at least May 2020 and peaked at 60,000 active devices in mid-2023, is attributed to the Chinese nation-state threat actor Flax Typhoon.
The Raptor Train infrastructure is organized into three distinct tiers: hacked devices make up the first tier, command-and-control servers the second, and centralized administration nodes the third. Targeted devices include routers, IP cameras, and NAS devices from several manufacturers, mostly in the United States, Taiwan, and Vietnam.
Despite the botnet's wide reach, no Distributed Denial of Service (DDoS) attacks from it have yet been detected. The botnet has, however, been connected to attempts at exploitation of essential systems, especially in the IT and military industries. The botnet was taken down as a result of a recent U.S. Department of Justice operation, underscoring persistent worries about state-sponsored cyberthreats.
IoT devices, in particular, are still at risk of advanced cyberattacks, and this incident highlights the need for increased cybersecurity precautions.