FBI Director Announces Chinese Botnet Disruption, Exposes Flax Typhoon Hacker Group’s True Identity at Aspen Cyber Summit 

Joint operation with partners released botnet’s grip on thousands of devices 

Botnet Attack, illustration

Illustration of a botnet attack


The FBI and our partners disrupted a Chinese botnet and freed thousands of impacted devices from its clutches, Director Christopher Wray announced September 18. 

The botnet, which was operated by a Chinese government-sponsored hacker group known as Flax Typhoon, targeted internet-connected devices such as storage devices, cameras, and video recorders to compromise victims’ systems and steal their confidential data, Director Wray said during a keynote at the 2024 Aspen Cyber Summit in Washington, D.C.

“Ultimately, as part of this operation, we were able to identify thousands of infected devices, and, then, with court authorization, issued commands to remove the malware from them, prying them from China's grip,” Wray said.  

Approximately half of the devices under the botnet’s control were based in the United States, he noted. The hacker group’s targets included organizations in the public and private sectors, as well as academia and the media, he added. Wray also revealed the hacker group’s true identity to be an information security company known as the Integrity Technology Group. “But their chairman has publicly admitted that for years his company has collected intelligence and performed reconnaissance for Chinese government security agencies,” Wray added. 

Wray called the cyber disruption a success but cautioned that the effort was “just one round in a much longer fight.” 

“The Chinese government is going to continue to target your organizations and our critical infrastructure—either by their own hand or concealed through their proxies,” Wray said. “And we’ll continue to work with our partners to identify their malicious activity, disrupt their hacking campaigns, and bring them to light.” 

Saving victims time and money 

During his remarks, Wray also underscored the Bureau’s dedication to working with victims of cyber intrusions, whether they’re individuals or organizations. According to Wray, reporting ransomware attacks to the FBI can potentially help us: 

  • Recover ransomed data 
  • Negotiate-down ransoms demanded by cybercriminals—or spare victims from having to pay ransoms at all 
  • Help impacted organizations resume their normal operations in a speedy manner 

“I’m extremely proud to report that, in just the past two years, the FBI has handed out nearly 1,000 decryptors, and we’ve saved victims around the world something like $800 million in ransom payments,” Wray said. 

Decryptors—also known as decryption keys—function like passwords to unlock data that ransomware criminals hold captive. But, Wray explained, some of those keys require information about the victim to work.  

So it’s paramount that organizations contact the FBI if they fall victim to ransomware attacks. Otherwise, he cautioned, the Bureau “might not be able to make that match—and we might not be able to save you that ransom payment.” 

Wray also discussed how information sharing between the Bureau and our public and private sector partners can help the FBI combat ongoing cyberattacks and lessen the impact of future cyber incidents.  

As an example, he pointed to a recent interagency effort to alert the private sector that a pro-Russian hacktivist group was targeting “operational technology networks.”  

“They had set their sights across our critical infrastructure—from dams and wastewater systems to the energy, food, and agriculture sectors,” Wray explained.  

But, he said, the FBI’s joint advisory about the cyber threat allowed private sector organizations to fix the vulnerability these bad actors were using to infiltrate networks, thereby protecting the companies and the American public, alike. 

“So, if there’s only one thing you take away from my time here today, I hope it’s this: The FBI needs and wants to work with you,” Wray said. “Let us save you money, save you time, and save you from future attacks so that you can keep your organization’s focus where it should be: on your operations, and—together—we can help keep our nation safe.” 

West Palm Beach investigation updates 

During his remarks, Wray also addressed the Bureau’s investigation into the September 15 assassination attempt on former President Donald Trump.  

“For the second time in just over two months, we’ve witnessed what appears to be an attempt to attack our democracy and our democratic process,” he said. “I’m relieved that former President Trump is safe, and I want the American people to know the men and women of the FBI are working tirelessly to get to the bottom of what happened.” 

Wray acknowledged that the ongoing nature of the investigation limited how much the Bureau could say about the matter. 

“What I can say is that we have dedicated the full force of the FBI to this investigation, and that runs the gamut from criminal to national security resources, from tactical support to Evidence Response Teams, from forensic scientists to operational technology personnel,” he said.“Together, we’re working around the clock to investigate this.” 


"... If there’s only one thing you take away from my time here today, I hope it’s this: The FBI needs and wants to work with you."

FBI Director Christopher Wray

The Cyber Action Team

When major computer intrusions happen, the FBI's Cyber Action Team—a rapid deployment group of cyber experts—can be on the scene just about anywhere in the world within 48 hours, providing investigative support and helping to answer critical questions that can quickly move a case forward.