Artwork

Content provided by Reimagining Cyber. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Reimagining Cyber or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://ro.player.fm/legal.
Player FM - Aplicație Podcast
Treceți offline cu aplicația Player FM !

U.S. Disrupts China-Linked Botnet: What's Going On? - Ep 116

13:56
 
Distribuie
 

Manage episode 441689104 series 3361845
Content provided by Reimagining Cyber. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Reimagining Cyber or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://ro.player.fm/legal.

In this episode, Rob Aragao talks about a recent joint cybersecurity advisory highlighting People's Republic of China-linked actors compromising routers and IoT devices for botnet operations. The advisory points to over 260,000 IoT devices, impacted by a botnet called Raptor Train.

It’s being alleged that Integrity Technology Group (Integrity Tech) are behind the incident. The report says

“[Integrity Technology Group is a] company based in the PRC with links to the PRC government. Integrity Tech has used China Unicom Beijing Province Network IP addresses to control and manage the botnet described in this advisory. In addition to managing the botnet, these same China Unicom Beijing Province Network IP addresses were used to access other operational infrastructure employed in computer intrusion activities against U.S. victims. FBI has engaged with multiple U.S. victims of these computer intrusions and found activity consistent with the tactics, techniques, and infrastructure associated with the cyber threat group known publicly as Flax Typhoon, RedJuliett, and Ethereal Panda.”

Detected by Lumen’s Black Lotus Labs, the advisory was issued by the FBI, NSA, and Cyber National Mission Force.

Rob explains that the botnet leverages code from the notorious Mirai malware, designed to exploit IoT devices running Linux-based systems, which has been in circulation for nearly a decade. He breaks down the architecture of the botnet, including its three-tier structure, and the role of compromised IoT devices, command-and-control servers, and management layers.

Additionally, the discussion explores China's growing focus on cybersecurity talent recruitment, including the Matrix Cup, a hacking competition co-sponsored by Integrity Technology Group. The episode also offers recommendations for mitigating IoT device vulnerabilities, such as strong password management, patch updates, and network segmentation.

Don't forget to rate, review, and subscribe to stay updated on future episodes!

Follow or subscribe to the show on your preferred podcast platform.
Share the show with others in the cybersecurity world.
Get in touch via reimaginingcyber@gmail.com

  continue reading

121 episoade

Artwork
iconDistribuie
 
Manage episode 441689104 series 3361845
Content provided by Reimagining Cyber. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Reimagining Cyber or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://ro.player.fm/legal.

In this episode, Rob Aragao talks about a recent joint cybersecurity advisory highlighting People's Republic of China-linked actors compromising routers and IoT devices for botnet operations. The advisory points to over 260,000 IoT devices, impacted by a botnet called Raptor Train.

It’s being alleged that Integrity Technology Group (Integrity Tech) are behind the incident. The report says

“[Integrity Technology Group is a] company based in the PRC with links to the PRC government. Integrity Tech has used China Unicom Beijing Province Network IP addresses to control and manage the botnet described in this advisory. In addition to managing the botnet, these same China Unicom Beijing Province Network IP addresses were used to access other operational infrastructure employed in computer intrusion activities against U.S. victims. FBI has engaged with multiple U.S. victims of these computer intrusions and found activity consistent with the tactics, techniques, and infrastructure associated with the cyber threat group known publicly as Flax Typhoon, RedJuliett, and Ethereal Panda.”

Detected by Lumen’s Black Lotus Labs, the advisory was issued by the FBI, NSA, and Cyber National Mission Force.

Rob explains that the botnet leverages code from the notorious Mirai malware, designed to exploit IoT devices running Linux-based systems, which has been in circulation for nearly a decade. He breaks down the architecture of the botnet, including its three-tier structure, and the role of compromised IoT devices, command-and-control servers, and management layers.

Additionally, the discussion explores China's growing focus on cybersecurity talent recruitment, including the Matrix Cup, a hacking competition co-sponsored by Integrity Technology Group. The episode also offers recommendations for mitigating IoT device vulnerabilities, such as strong password management, patch updates, and network segmentation.

Don't forget to rate, review, and subscribe to stay updated on future episodes!

Follow or subscribe to the show on your preferred podcast platform.
Share the show with others in the cybersecurity world.
Get in touch via reimaginingcyber@gmail.com

  continue reading

121 episoade

Όλα τα επεισόδια

×
 
Loading …

Bun venit la Player FM!

Player FM scanează web-ul pentru podcast-uri de înaltă calitate pentru a vă putea bucura acum. Este cea mai bună aplicație pentru podcast și funcționează pe Android, iPhone și pe web. Înscrieți-vă pentru a sincroniza abonamentele pe toate dispozitivele.

 

Ghid rapid de referință