75% of infected devices were located in homes and offices in North America and Europe.
The FBI has dismantled a massive network of compromised devices that Chinese state-sponsored hackers have used for four years to mount attacks on government agencies, telecoms, defense contractors, and other targets in the US and Taiwan.The botnet was made up primarily of small office and home office routers, surveillance cameras, network-attached storage, and other Internet-connected devices located all over the world. Over the past four years, US officials said, 260,000 such devices have cycled through the sophisticated network, which is organized in three tiers that allow the botnet to operate with efficiency and precision. At its peak in June 2023, Raptor Train, as the botnet is named, consisted of more than 60,000 commandeered devices, according to researchers from Black Lotus Labs, making it the largest China state botnet discovered to date.The vulnerabilities spanned the years 2019 through 2024. Black Lotus Labs found more than 20 different IoT device types infected. They include:
- Modems/Routers
- ActionTec PK5000
- ASUS RT-/GT-/ZenWifi
- TP-LINK
- DrayTek Vigor
- Tenda Wireless
- Ruijie
- Zyxel USG*
- Ruckus Wireless
- VNPT iGate
- Mikrotik
- TOTOLINK
- IP Cameras
- D-LINK DCS-*
- Hikvision
- Mobotix
- NUUO
- AXIS
- Panasonic
- NVR/DVR
- Shenzhen TVT NVRs/DVRs
- NAS
- QNAP (TS Series)
- Fujitsu
- Synology
- Zyxel