Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

Experts Warn of Chinese Raptor Train Botnet

September 19, 2024
Reading Time: 2 mins read
in Alerts
Experts Warn of Chinese Raptor Train Botnet

A newly uncovered botnet, dubbed “Raptor Train,” has compromised more than 200,000 IoT devices globally, marking one of the largest state-sponsored botnets discovered to date. The botnet, operational since 2020, primarily targets small office/home office (SOHO) routers, IP cameras, DVRs, and NAS devices. Researchers at Lumen’s Black Lotus Labs attribute the botnet to Flax Typhoon, a Chinese nation-state hacking group also known as Ethereal Panda. Raptor Train’s infrastructure relies on a three-tiered architecture that enables large-scale exploitation of devices, with the compromised devices functioning as an army for malicious activities.

The botnet operates using a custom variant of the notorious Mirai malware called “Nosedive,” which allows the attackers to execute commands, upload and download files, and mount distributed denial-of-service (DDoS) attacks. A key feature of the botnet is its re-exploitability—despite lacking persistent malware that survives device reboots, attackers can reinfect devices at will. Raptor Train targets devices from manufacturers like ASUS, Hikvision, TP-Link, and Synology, with compromised devices primarily located in the U.S., Taiwan, Vietnam, and Brazil.

Recent law enforcement action led to a significant takedown of the botnet’s infrastructure. The FBI, in coordination with other agencies, seized servers linked to Raptor Train and disabled the malware on infected devices. Investigations revealed that the botnet was controlled by Integrity Technology Group, a Beijing-based company. This firm used the botnet for cyber espionage and reconnaissance, targeting entities in the military, government, education, telecommunications, and defense sectors, particularly in the U.S. and Taiwan.

The scale of the botnet is alarming, with over 260,000 devices affected by June 2024. Its operational reach is vast, using sophisticated management tools like the Sparrow application to oversee command-and-control servers and infected nodes. U.S. officials have warned that botnets like Raptor Train are likely to continue evolving, posing a persistent threat to critical infrastructure worldwide.

Reference:
  • Experts Issue Urgent Warning About Chinese Raptor Train IoT Botnet
Tags: BotnetChinaCyber AlertsCyber Alerts 2024Cyber threatsFlax TyphoonIOTMalwareMiraiSeptember 2024
ADVERTISEMENT

Related Posts

Fake Firms Push Malware on Crypto Users

Fake Sites Push Investment Scams

July 11, 2025
Fake Firms Push Malware on Crypto Users

Severe WordPress Flaw 200K Sites at Risk

July 11, 2025
Fake Firms Push Malware on Crypto Users

Fake Firms Push Malware on Crypto Users

July 11, 2025
Hackers Revive SEO Poisoning

Hackers Revive SEO Poisoning

July 10, 2025
Hackers Revive SEO Poisoning

RondoDox Botnet Exploits Router Flaws

July 10, 2025
Hackers Revive SEO Poisoning

ServiceNow Data Exposure via ACLs

July 10, 2025

Latest Alerts

Fake Sites Push Investment Scams

Fake Firms Push Malware on Crypto Users

Severe WordPress Flaw 200K Sites at Risk

RondoDox Botnet Exploits Router Flaws

ServiceNow Data Exposure via ACLs

Hackers Revive SEO Poisoning

Subscribe to our newsletter

    Latest Incidents

    Microsoft’s Outlook Long Outage

    Avantic Lab Affected By Ransomware

    $40M+ Stolen from GMX Crypto Platform

    Bitcoin Depot Breach Exposes Data

    McDonald’s AI Hiring Bot Exposes Data

    Nippon Steel Solutions Data Breach

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial