Five Eyes alliance seizes control of extensive spy tech network used by China

By Ellen Jennings-Trace published 19 September 2024

FBI boss says the botnet was ‘burned down’ once China realized it had lost control of the network

When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.

(Image credit: Shutterstock)

A network of devices has been seized by the western intelligence alliance, Five Eyes, taking control of a 260,000 device botnet. The network was reportedly in development since 2021, and was likely used to help Chinese actors breach critical infrastructure and government agencies in the US, Taiwan, and elsewhere.

The Five Eyes alliance, which is composed of the UK, US, Canada, Australia, and New Zealand, carried out the operation to dismantle the network. More than half of the devices were in the US, and consisted primarily of malware infected PCs and servers.

FBI Director Christopher Wray said that it was ‘all hands on deck’ when agents gained control of the network. The Chinese team then reportedly launched a DDoS strike to disrupt the Five Eyes efforts, but abandoned ship when it realized the efforts were futile, as they instead ‘burned down’ the infrastructure.

Just one round in the fight

It’s no secret that there have been tensions in the cyber security sphere between China and the US in recent years, and Wray confirms that whilst this was a successful operation, it is far from the end of Chinese efforts.

Despite this disruption, the risks remain prevalent from malicious actors who look to target western infrastructure. Efforts to stop Chinese cyberattacks have been officially named as the top priority for US security forces, and OPSWAT’s Eric Knapp confirms the vulnerabilities exposed by the operation,

“The recent advisory [PDF] from the NCSC highlights a clear supply chain risk—specifically how compromised hardware, often sourced from particular countries of origin, can be leveraged for nation-state cyber-espionage activities,” he said. “This is an example of how vulnerabilities in the supply chain can lead to widespread malicious activity such as DDoS attacks and anonymous malware delivery.”

Via The Register

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Contact me with news and offers from other Future brandsReceive email from us on behalf of our trusted partners or sponsors

By submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over.

More from TechRadar Pro

Check out our pick of the best firewall software around
FBI claims China could be set to launch attacks on US infrastructure any day
Take a look at our pick of the best antivirus for PC

Ellen Jennings-Trace

Social Links Navigation

Staff Writer

Ellen has been writing for almost four years, with a focus on post-COVID policy whilst studying for BA Politics and International Relations at the University of Cardiff, followed by an MA in Political Communication. Before joining TechRadar Pro as a Junior Writer, she worked for Future Publishing’s MVC content team, working with merchants and retailers to upload content.