The Federal Bureau of Investigation (FBI) has said that its pursuit of a China-based botnet resulted in the botnet's Chinese operators "burning down" their network once they figured out the FBI was on to them.
The botnet consisted of 260,000 various internet-connected devices that were used to gather intelligence on critical US infrastructure, government operations, academics, and more. Notably, the botnet was operated by the "Integrity Technology Group," which FBI Director Christopher Wray said is linked to the People's Republic of China.
More than half of the total devices within the botnet were located in the United States, and following its discovery, the National Security Agency (NSA) and the FBI were called in to intervene. Wray said it was "all hands on deck," and after gaining court authorization, US officials took control of the botnet servers, which prompted a response by the People's Republic of China-linked group.
The operators decided to launch a DDoS attack on the FBI to disrupt its control over the botnet, but the attack wasn't successful. The botnet operators then attempted to switch to a backup system, presumably to circumvent the FBI's control over the botnet, but the FBI prevented the switch from happening. After those attempts, the Flax Typhoon operators gave up, with Wray saying they "essentially burned down their new infrastructure and abandoned their botnet."
"We think the bad guys finally realized it was the FBI and our partners that they were up against, and with that realization, they essentially burned down their new infrastructure and abandoned their botnet," said Wray.