Pirrico
A newly discovered botnet called "Raptor Train" is believed to be operated by a Chinese state-sponsored threat actor known as Flax Typhoon. This sophisticated botnet has compromised over 200,000 small office/home office (SOHO) and IoT devices worldwide since its inception in May 2020, with a peak of 60,000 active devices in June 2023.
Raptor Train employs a three-tiered architecture consisting of compromised devices (Tier 1), exploitation and command-and-control servers (Tier 2), and centralized management nodes (Tier 3). The botnet targets various devices from manufacturers such as ActionTec, ASUS, DrayTek, and others, with infected nodes primarily located in the U.S., Taiwan, Vietnam, Brazil, Hong Kong, and Turkey.
The botnet uses a custom Mirai variant called Nosedive to infect devices, and has been linked to four distinct campaigns since 2020. While no DDoS attacks have been detected, Raptor Train has been used to target U.S. and Taiwanese entities in sectors including military, government, education, and telecommunications. The botnet's sophisticated infrastructure and targeting patterns suggest it is a powerful tool for potential cyber espionage and attacks.