China Linked APT: Raptor Train Botnet Attacks IoT Devices

A new cyber threat has caught the attention of experts: Lumen’s Black Lotus Labs found a new botnet called Raptor Train, made up of IoT and small office/home office (SOHO) devices. Experts believe that Raptor Train has links to the China-based APT group Flax Typhoon (aka RedJuliett or Ethereal Panda). This blog covers the threat, its technique, and the solutions.

About Raptor Train Botnet

The Raptor Train botnet aims to launch coordinated cyber-attacks, including data theft, espionage, and DDoS attacks. Experts believe the botnet has been active since May 2020, peaking at 60,000 compromised devices in June 2023.

Since May 2020, more than 200,000 devices (NVR/DVR devices, NAS servers, IP cameras, and SOHO routers) have been compromised and added to Raptor Train, making it one of the largest China-linked IoT botnets discovered. A C2 domain from a recent campaign was listed in the Cisco Umbrella and Cloudflare Radar “top 1 million” lists, suggesting large-scale device exploitation. Experts believe more than 100,000 devices have been compromised because of the Raptor Train botnet.

Flax Typhoon: The APT Behind Botnet

Flax Typhoon is infamous for its cyber-espionage attacks; it has a history of attacking different industries: telecommunications companies, government agencies, and defense contractors. Flax Typhoon is

[…]

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents