The FBI and international partners dismantled a China-backed botnet run by the Integrity Technology Group, a company linked to Chinese government espionage. FBI Director Christopher Wray announced the operation on Wednesday during the Aspen Digital Security Conference, revealing that the botnet, controlled by Flax Typhoon, had targeted U.S. critical infrastructure. The botnet, consisting of 260,000 infected devices, was built using Mirai malware and attacked U.S. entities, including academics and government agencies.

Botnet dismantled: After the FBI’s Cyber National Mission Force gained control of the botnet’s command servers, the Chinese hackers attempted a counterattack but were ultimately forced to destroy their infrastructure. The FBI estimates that the botnet compromised over a million devices.

FBI ransomware negotiations: Additionally, Wray praised the FBI’s efforts to combat ransomware, highlighting how the agency has saved organizations over $800 million by reverse-engineering ransomware and providing decryption keys. In a notable shift, Wray disclosed that the FBI now helps negotiate ransomware payments in extreme cases. He cited an instance where the FBI helped a U.S. cancer treatment center reduce a ransom demand from $450,000 to $50,000, enabling the hospital to resume critical services.

The U.S. government is pushing for an international treaty to ban ransom payments by government bodies, with the White House leading negotiations through its Counter Ransomware Initiative. The treaty aims to strengthen global cybersecurity efforts by curbing ransom payments to cyber criminals.