Flax Typhoon Botnet: 1.2 Million Devices Compromised
U.S. authorities have leveled serious charges against a major Chinese company specializing in cybersecurity. Integrity Technology Group, whose shares are listed on the Shanghai Stock Exchange, has found itself at the center of an international scandal.
FBI Director Christopher Wray stated that the company is directly involved in state-sponsored hacking activities by the Chinese government. According to him, Integrity Tech operates a botnet linked to the hacking group Flax Typhoon.
In a joint statement, U.S. cybersecurity agencies revealed intriguing details. Since 2021, the company has allegedly breached hundreds of thousands of Internet of Things (IoT) devices. The MySQL database used to manage the botnet contains information on more than 1.2 million compromised devices. As of June this year, Integrity Tech had infected over 260,000 machines. Experts discovered that the company used the same IP addresses for both managing the botnet and accessing infrastructure involved in attacks on U.S. organizations.
The FBI conducted an investigation and concluded that the methods and infrastructure used in the attacks align with the tactics of the Flax Typhoon group. This group had previously been involved in espionage against organizations in Taiwan.
Christopher Wray emphasized the scale of the threat, stating that Flax Typhoon targets “everyone: from corporations and media to universities and government agencies.” He noted that about half of the botnet’s compromised devices are located within the U.S.
The company is also one of the organizers of the Matrix Cup—a hacking competition that plays a key role in China’s talent identification and development system.
Recently, Natto Thoughts published a document detailing the inner workings of the Matrix Cup. The competition serves to cultivate domestic hacking talent and expands intelligence agencies’ access to critical vulnerabilities. One of the authors, Eugenio Benincasa, underscores: “The fact that a company at the heart of this ecosystem is simultaneously involved in state-sponsored activities is highly indicative.”
According to a report by researcher Dakota Cary from the Center for Security and Emerging Technology at Georgetown University, Integrity Group is a leading developer of Chinese cyber ranges, another crucial component of China’s talent development system. The organization’s activities have even been praised in China’s Ministry of State Security journal.
This is not the first time the U.S. has pointed to Chinese commercial entities’ involvement in state-backed hacking activities. In 2017, similar accusations were made against the company Boyusec. However, the scale of Integrity Group’s operations is far greater.
According to the Shanghai Stock Exchange, the company’s market capitalization stands at approximately $318 million, with revenue of around $56 million. In its official documents, Integrity Group positions itself as a seller of legitimate network security products, though apparently only for domestic customers. By the end of 2023, the company employed 498 people, nearly half of whom are engaged in the technology sector.