Raptor Train (6d516363-4f83-4ba9-9726-1821b167e5e3)
Raptor Train is a large botnet, linked to Chinese espionage actor Flax Typhoon, that consisted of compromised small office/home office (SOHO) and IoT devices. Raptor Train is believed to have acted as a proxy to conceal further malicious activity such as targeted compromises of U.S. and Taiwanese networks.[Black Lotus Raptor Train September 18 2024][FBI PRC Botnet September 18 2024]
Initial compromises typically occurred through exploitation of a large number of previously disclosed vulnerabilities, a list of which is provided in a September 2024 U.S. cybersecurity advisory.[FBI PRC Botnet September 18 2024]
Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
---|---|---|---|---|
Raptor Train (6d516363-4f83-4ba9-9726-1821b167e5e3) | Tidal Software | Flax Typhoon (b39d8eae-12e3-4903-a387-4c31d16a73b2) | Tidal Groups | 1 |