FBI and U.S. Department of Justice Take Down Raptor Train Botnet

The FBI and U.S. Department of Justice took down the Raptor Train botnet of over 250,000 devices worldwide, half of which were in the United States.


This week, the FBI and U.S. Department of Justice took down the Raptor Train botnet of over 250,000 devices worldwide, half of which were in the United States. These devices were being used to infect more devices, conduct espionage, and carry out denial of service attacks against targets since 2020. In case you are unfamiliar, a botnet is a network of computers or Internet of Things (IoT) devices under the command of a person or group, referred to as the bot herder.

The malware used to infect the bots was a variant of the Mirai family, and it infected targets by exploiting known vulnerabilities in internet-connected devices, which include Small Office Home Office (SOHO) routers, Internet Protocol cameras, digital video recorders, and network-attached storage.

The FBI and other international law enforcement agencies took over the command and control servers of the botnet to shut it down and seized the equipment for forensic examination. Evidence collected and analyzed shows that as many as 1.5 million devices were infected by the malware.

The general public can take steps to ensure that they are not part of the problem by keeping their wireless routers, wireless security cameras, printers, NAS, and other IoT devices up to date with security patches. In response to the growing threat posed by the misuse of these devices, the FCC has proposed a voluntary labeling program for wireless IoT devices so that consumers can be sure that these devices comply with National Institute of Standards and Technology (NIST) standards. The labeling program is referred to as the U.S. Cyber Trust Mark. Additionally, consumers should purchase devices from reputable companies that respond to vulnerabilities in their devices and software. This will help limit the number of vulnerable targets that hacker groups can compromise and enlist in their botnets.

As MSU employees, we should follow the established policy and procedures and, when unsure, seek assistance from MSU IT and Information Security to ensure that any IT or IoT equipment we purchase does not make the University an unwitting participant in an attack or vulnerable to one. It also makes sense, where at all possible, to limit our IT purchases to major established suppliers and manufacturers with proven track records of addressing security vulnerabilities and providing ongoing support to customers. Products from proven suppliers and manufacturers may cost more, but they are substantially less likely to suffer from unaddressed security vulnerabilities, security architecture issues, and security misconfigurations than cheap or off-brand products.
