Other
CISA
Primary Source
Incident Details
In September 2024, the FBI and CISA announced the disruption of a botnet operated by Flax Typhoon, a Chinese state-sponsored threat actor (also tracked as RedJuliett and Ethereal Panda) whose infrastructure was run through the Beijing-based company Integrity Technology Group. The botnet, dubbed 'Raptor Train' by security researchers at Black Lotus Labs, compromised more than 260,000 internet-connected devices, including home routers, IP cameras, DVRs, and NAS drives, primarily by exploiting default credentials and known CVEs in SOHO and IoT devices. Infected devices were located in North America (roughly 48%), Europe, Asia, and elsewhere. The botnet was used to conduct espionage and to facilitate attacks on US critical infrastructure, defense, education, and telecom sectors; the FBI disrupted it through court-authorized action in September 2024. Flax Typhoon is distinct from Volt Typhoon but targets a similar set of critical-infrastructure sectors using the same class of compromised SOHO/IoT devices as operational infrastructure.
Technical Details
- Initial Attack Vector
- CWE-1188: Initialization of a Resource with an Insecure Default (formerly titled "Insecure Default Initialization of Resource"; compromised SOHO routers and IoT devices shipped with default/weak credentials, which CWE-1392, Use of Default Credentials, covers more specifically)
- Vendor / Product
- Consumer and SOHO routers, IP cameras, DVRs (multiple vendors)
- Malware Family
- Flax Typhoon botnet (Raptor Train)
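The attack vector above (CWE-1188, a device management interface that still accepts its factory credentials) is easy to audit on your own network. The following script is an added example and is not code from CISA, the FBI, or Black Lotus Labs: it stands up two simulated device web UIs protected by HTTP Basic Auth, one still using `admin:admin` and one with a unique password, and runs a small factory-default credential list against each. The in-process device simulator, the candidate credential list, and the loopback ports are all constructed for the demo; on a real network you would point `audit_default_credentials` at an inventoried device's management URL instead.

```python
"""Default-credential audit for SOHO/IoT management interfaces (HTTP Basic Auth).

Added example, not from the original page. Device simulator and credential list
are constructed for the demo.
"""
import base64
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed, illustrative factory defaults. A real audit would use a
# per-vendor default-credential list for the devices in your inventory.
DEFAULT_CREDENTIALS = [
    ("admin", "admin"),
    ("admin", "password"),
    ("root", "root"),
    ("admin", ""),
]


def make_device_handler(accepted):
    """Build a request handler simulating a device web UI that accepts
    only the (user, password) pairs in `accepted`."""

    class DeviceHandler(BaseHTTPRequestHandler):
        def do_GET(self):
            header = self.headers.get("Authorization", "")
            creds = None
            if header.startswith("Basic "):
                try:
                    user, _, pw = base64.b64decode(header[6:]).decode().partition(":")
                    creds = (user, pw)
                except ValueError:  # bad base64 or non-UTF-8 payload
                    creds = None
            if creds in accepted:
                self.send_response(200)
                self.end_headers()
                self.wfile.write(b"admin panel")
            else:
                self.send_response(401)
                self.send_header("WWW-Authenticate", 'Basic realm="router"')
                self.end_headers()

        def log_message(self, *args):  # keep the demo output quiet
            pass

    return DeviceHandler


def start_device(accepted):
    """Start a simulated device on an ephemeral loopback port; returns the server."""
    server = HTTPServer(("127.0.0.1", 0), make_device_handler(set(accepted)))
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def try_login(url, user, pw, timeout=2.0):
    """Return True if the management interface at `url` accepts user:pw."""
    token = base64.b64encode(f"{user}:{pw}".encode()).decode()
    req = urllib.request.Request(url, headers={"Authorization": f"Basic {token}"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status == 200
    except urllib.error.HTTPError as err:
        if err.code == 401:
            return False
        raise


def audit_default_credentials(url, candidates=DEFAULT_CREDENTIALS):
    """Return the first factory-default pair the device accepts, or None."""
    for user, pw in candidates:
        if try_login(url, user, pw):
            return (user, pw)
    return None


if __name__ == "__main__":
    weak = start_device({("admin", "admin")})                 # unchanged factory default
    hardened = start_device({("netops", "7Qk!v2-unique-per-device")})  # rotated credential
    for name, srv in (("weak", weak), ("hardened", hardened)):
        url = f"http://127.0.0.1:{srv.server_address[1]}/"
        print(f"{name}: accepted default = {audit_default_credentials(url)}")
    weak.shutdown()
    hardened.shutdown()
```

A device that returns a hit here is exactly the kind of foothold the botnet relied on; changing the password is necessary but not sufficient, since the same interface should also not be reachable from the WAN side at all, and end-of-life devices that cannot be patched against the known CVEs should be replaced rather than merely re-credentialed.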
Timeline
- 2023-06-01 Breach occurred
- 2024-09-18 Publicly disclosed
- unknown Customers notified