News source: www.cnn.com
Original article: FBI says it has disrupted major Chinese hacking operation that threatened US critical infrastructure
News date: 2024-09-18

The US Federal Bureau of Investigation (FBI) has, through a court order, taken control of a network made up of hundreds of thousands of hacked internet routers and other devices, which Chinese government-backed hackers were using to threaten critical infrastructure in the US and overseas. That was the account FBI Director Christopher Wray gave at a cybersecurity summit in Washington, DC. "This is just one round in a much longer fight," he said. "The Chinese government is going to continue to target organizations and our critical infrastructure."

According to US officials, this massive hacking network has existed for many months. As of June this year, it included more than 260,000 compromised devices from North America, South America and even Australia. Wray said about half of those devices were located in the US.

A spokesperson for the Chinese Embassy in Washington called the US allegations "groundless" and accused the US government of conducting cyberattacks against China. It is the latest tit-for-tat in the tense relationship between the US and China in cyberspace.

In late December last year, this hacking network carried out extensive scanning of US military and other government agencies, according to US tech firm Lumen Technologies, which was investigating the activity at the time.

Wray said the network, now under the control of the FBI and its allies, caused an "all-hands-on-deck" cybersecurity incident and "significant financial loss" for an unnamed California organization.

Still, this disruption was mainly about the difference between what the network could have done and what it actually did. According to experts, this army of "zombie" computers has posed a persistent threat to US government networks.

In January this year, Wray told Congress that another Chinese-backed hacking unit is lurking in US transportation and communication networks, preparing to use its access to disrupt any US response to a potential Chinese invasion of Taiwan. He said at the time that the unit would "wreak havoc and cause real-world harm" to the US.

Lumen researchers pointed out that this Chinese hacking network had tailored attack capabilities. For now, however, there is no indication that the Chinese hackers will restart the network.

According to the FBI, in February last year it successfully disrupted a network of more than 1,000 compromised internet routers that Russia's military intelligence agency used to conduct cyber espionage against the US and its European allies.

As of September 18 this year, the Chinese hacking network has been taken offline through law enforcement efforts and "null routing". Null routing is a method internet technology providers use to stop data from being sent to a specific IP address. According to the FBI, a Chinese company named Integrity Technology Group has managed the network for the past three years. CNN has requested comment from the company.

Dakota Cary, a researcher at security consultancy SentinelOne, said the Chinese tech company "is involved in many of China's most important programs and efforts to improve its hacking capabilities." He noted that naming the company is significant because it demonstrates allied governments' visibility into China's operations and helps researchers learn more about the company.


Original article excerpt:

The FBI has used a court order to seize control of a network of hundreds of thousands of hacked internet routers and other devices that Chinese government-linked hackers were using to threaten critical infrastructure in the US and overseas, FBI Director Christopher Wray said Wednesday. “It is just one round in a much longer fight,” Wray said in a speech at the Aspen Cyber Summit in Washington, DC. “The Chinese government is going to continue to target your organizations and our critical infrastructure.”

The massive web of hacked devices — known as a botnet — was a menace that the Chinese hackers could have used to conduct targeted cyberattacks on US companies or government agencies, according to an advisory released by the US and its “Five Eyes” allies (the English-speaking alliance that includes Australia, Canada, New Zealand and the United Kingdom). As of June, the botnet included over 260,000 hacked devices from all over the world, from North and South America to Australia, according to US officials. Those hacked devices ranged from webcams to DVRs to routers, and about half of them were located in the US, according to Wray.

A spokesperson for the Chinese Embassy in Washington called the US allegations “groundless” and accused the US government of conducting cyberattacks against China. It’s the latest tit-for-tat in the often-tense relations between US and China in cyberspace.

The US government has long warned that another Chinese government-backed hacking group has been lurking in US transportation and communication networks, waiting to use that access to disrupt any US response to a potential Chinese invasion of Taiwan. That Chinese hacking unit is preparing to “wreak havoc and cause real-world harm” to the US, Wray told Congress in January.

A tool of choice

The botnet targeted by the FBI and its allies on Wednesday was an active menace, Wray said in his speech. The botnet caused “an all-hands-on-deck cybersecurity incident” for one unnamed California-based organization, causing “significant financial loss,” the FBI director said.

But Wednesday’s takedown was more about what the botnet could have done than what it did. The army of zombie computers has been a quiet and looming threat to US government networks for many months, according to experts. In late December 2023, the botnet’s operators “conducted extensive scanning efforts” of US military and other government agencies, according to US tech firm Lumen Technologies, which investigated the activity.

Botnets are a tool of choice for both cybercriminals and state-backed hackers because users around the world are often unaware that their computers have been hijacked for scamming or espionage. The FBI said in February that it had helped disrupt a network of over 1,000 hacked internet routers that Russia’s military intelligence agency was allegedly using for cyber espionage operations against the United States and its European allies.

The Chinese botnet targeted on Wednesday had an array of capabilities, including the ability to conduct tailored cyberattacks using the devices it had compromised, according to Lumen researchers. Lumen researchers are watching for signs that the Chinese hackers will resurrect the botnet. But for now, “we assess that the botnet has been taken offline due to a combination of law enforcement efforts and null routing as of September 18,” Danny Adamitis, principal information security engineer at Lumen’s Black Lotus Labs threat intelligence division, told CNN. Null routing is a process that internet technology providers can use to stop data from being sent to a specific IP address.

A Chinese company named Integrity Technology Group managed the botnet for the last three years, according to US officials. CNN has requested comment from the company.

The Chinese tech firm is “involved in many of China’s most important programs and efforts to improve its hacking capabilities,” Dakota Cary, a consultant at security firm SentinelOne who focuses on China, told CNN. “The naming of the company is significant as it demonstrates allied governments’ visibility into China’s operations, as well as enabling researchers to further investigate the company.”
