{"uuid": "d29dbde5-754c-4ca2-8a8b-47f3b9e077f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "name": "People\u2019s Republic of China-Linked Actors Compromise Routers and IoT Devices for Botnet Operations", "description": "The Federal Bureau of Investigation (FBI), Cyber National Mission Force (CNMF), and National Security\nAgency (NSA) assess that People\u2019s Republic of China (PRC)-linked cyber actors have compromised\nthousands of Internet-connected devices, including small office/home office (SOHO) routers, firewalls,\nnetwork-attached storage (NAS) and Internet of Things (IoT) devices with the goal of creating a network of\ncompromised nodes (a \u201cbotnet\u201d) positioned for malicious activity. The actors may then use the botnet as a\nproxy to conceal their identities while deploying distributed denial of service (DDoS) attacks or\ncompromising targeted U.S. networks.\nIntegrity Technology Group, a PRC-based company, has controlled and managed a botnet active since mid-\n2021. The botnet has regularly maintained between tens to hundreds of thousands of compromised\ndevices. As of June 2024, the botnet consisted of over 260,000 devices. Victim devices part of the botnet\nhave been observed in North America, South America, Europe, Africa, Southeast Asia and Australia.\nWhile devices aged beyond their end-of-life dates are known to be more vulnerable to intrusion, many of the\ncompromised devices in the Integrity Tech controlled botnet are likely still supported by their respective vendors.\nFBI, CNMF, NSA, and allied partners are releasing this Joint Cyber Security Advisory to highlight the threat\nposed by these actors and their botnet activity and to encourage exposed device vendors, owners, and\noperators to update and secure their devices from being compromised and joining the botnet. Network\ndefenders are advised to follow the guidance in the mitigations section to protect against the PRC-linked\ncyber actors\u2019 botnet activity. Cyber security companies can also leverage the information in this advisory to\nassist with identifying malicious activity and reducing the number of devices present in botnets worldwide.\nFor additional information, see U.S. Department of Justice (DOJ) press release.\n\n[https://media.defense.gov/2024/Sep/18/2003547016/-1/-1/0/CSA-PRC-LINKED-ACTORS-BOTNET.PDF](https://media.defense.gov/2024/Sep/18/2003547016/-1/-1/0/CSA-PRC-LINKED-ACTORS-BOTNET.PDF)", "creation_timestamp": "2024-09-24T12:13:05.859516+00:00", "timestamp": "2024-09-25T06:16:33.160046+00:00", "related_vulnerabilities": ["CVE-2024-5217", "CVE-2024-4577", "CVE-2023-47218", "CVE-2024-29269", "CVE-2023-50386", "CVE-2024-29973", "CVE-2024-21762"], "author": {"login": "adulau", "name": "Alexandre Dulaunoy", "uuid": "c933734a-9be8-4142-889e-26e95c752803"}}