New “Raptor Train” IoT Botnet Compromises Over 200,000 Devices Worldwide

Cybersecurity researchers at Lumen’s Black Lotus Labs have identified Raptor Train, a new botnet linked to Chinese nation-state threat actor Flax Typhoon. Operational since at least May 2020, with 60,000 compromised devices in 2023, Raptor Train has now enslaved over 200,000 SOHO routers, NVR/DVR devices, network-attached storage servers, and IP cameras. The botnet uses a three-tiered infrastructure, compromising SOHO/IoT devices and exploiting servers and command-and-control nodes.