The government of Paraguay announced on Tuesday that, with the help of the United States, it had identified Chinese state-sponsored hackers who infiltrated the nation’s government networks.
The Paraguayan technology minister made the announcement in a joint statement with the U.S. Embassy in Asunción following a joint cybersecurity review of Paraguayan government networks conducted by local officials and the U.S. Southern Command (SOUTHCOM).
The review found that Flax Typhoon, a hacker group linked to the Chinese communist regime, had infiltrated the Paraguayan government’s systems.
“Recent breaches of private telecommunications infrastructure in the United States demonstrate the importance of cooperation and strengthening of critical infrastructure, especially in the cyber and communications domains, to reduce vulnerabilities,” the U.S. Embassy in Asunción said.
The Paraguayan Technology Ministry explained that the joint review was part of a series of initiatives aimed at “strengthening Paraguay’s digital security, improving cyber defenses and mitigating potential damage from external threats,” highlighting the importance of cooperation for the strengthening of critical infrastructure.
“Paraguay, like every country, faces a variety of cybersecurity challenges, which is why the government of Paraguay reaffirms its commitment to work closely with international partners, such as the United States, to face the global challenges of cyberspace and protect its digital assets,” the Paraguayan Technology Ministry stated.
According to information published by Microsoft in 2023, the Chinese regime-linked Flax Typhoon hacking group has been active since mid-2021 and, at the time, had almost exclusively targeted Taiwanese government agencies, manufacturing, and IT organizations to engage in espionage. The group made minimal use of malware and instead relied on tools built into the company’s operating systems, along with some normally benign software to quietly remain in the Taiwanese networks.
While the group mainly targeted Taiwanese infrastructure, other victims were detected in Southeast Asia, as well as in North America and Africa. Microsoft explained that the group exploits known vulnerabilities to gain initial access to the targeted systems — only using malware to gain further access to the compromised networks if needed.
In September, an FBI operation dismantled a massive Chinese botnet that Flax Typhoon built by compromising over 260,000 devices in the United States and worldwide.
The U.S. Justice Department explained that the Chinese hackers had infected numerous types of consumer-grade devices such as network routers, internet protocol cameras, video recorders, and network-attached storage (NAS) devices. The hackers’ malware connected the devices into a botnet allegedly used to conduct malicious cyber activity disguised as regular internet traffic from the infected consumer devices. The FBI operation allowed U.S. authorities to take control of the malicious infrastructure and disabled the hackers from using the infected devices.
The Justice Department further explained that, during the course of the operation, there was an attempt to interfere with the FBI’s actions through an unsuccessful distributed denial-of-service (DDoS) attack against the operational infrastructure used by the Bureau in the operation.
A DDoS is a type of cyber-attack where a server or network is flooded by an excessive surge of traffic that can overwhelm or outright crash the targets, rendering them inaccessible for the duration of the attack.
“The Justice Department is zeroing in on the Chinese government backed hacking groups that target the devices of innocent Americans and pose a serious threat to our national security,” Attorney General Merrick Garland said at the time.
“As we did earlier this year, the Justice Department has again destroyed a botnet used by PRC-backed hackers to infiltrate consumer devices here in the United States and around the world. We will continue to aggressively counter the threat that China’s state- sponsored hacking groups pose to the American people,” he continued.
Last week, the FBI informed that an investigation found a “broad and significant” cyberespionage campaign mounted by the Chinese communist regime in Beijing aimed at stealing information from Americans politicians and government workers.
While the FBI did not identify individuals that the Chinese hackers targeted, it explained that most of them “are primarily involved in government or political activity,” adding that the hackers sought to copy “certain information that was subject to U.S. law enforcement requests pursuant to court orders.”
Christian K. Caruzo is a Venezuelan writer and documents life under socialism. You can follow him on Twitter here.