Chinese State-Sponsored Hackers Operated Massive IoT Botnet for Four Years

A sophisticated network of over 260,000 compromised IoT devices, dubbed the Raptor Train botnet, has been operating undetected for four years. Linked to a Chinese nation-state threat actor, this botnet poses significant security risks to critical sectors in the U.S. and Taiwan.

The discovery of the Raptor Train botnet reveals the alarming scale and duration of its operation. Active from May 2020 to the present, the botnet has infected a wide range of devices, including routers, IP cameras, DVRs, and NAS devices from various manufacturers.

Flax Typhoon, also known as Ethereal Panda or RedJuliett, is the threat actor behind this botnet, as reported by Ars Technica. With alleged ties to the Chinese government, Flax Typhoon has orchestrated a complex three-tiered architecture to maintain control over the compromised devices.

According to The Hacker News, at the heart of the botnet is a custom variant of the Mirai malware called Nosedive. This malware allows the threat actors to execute commands, upload and download files, and launch devastating DDoS attacks.

Bugs Marlowe

Article URL: https://www.msn.com/en-us/money/other/chinese-state-sponsored-hackers-operated-massive-iot-botnet-for-four-years/ar-AA1r31Sm?ocid=BingNewsSerp