Month: September 2024

Posted on

Court-Authorized Operation Disrupts Worldwide Botnet Used by People’s Republic of China State-Sponsored Hackers

Source: United States Department of Justice Criminal Division

Note: View the affidavit here.

The Justice Department today announced a court-authorized law enforcement operation that disrupted a botnet consisting of more than 200,000 consumer devices in the United States and worldwide. As described in court documents unsealed in the Western District of Pennsylvania, the botnet devices were infected by People’s Republic of China (PRC) state-sponsored hackers working for Integrity Technology Group, a company based in Beijing, and known to the private sector as “Flax Typhoon.”

The botnet malware infected numerous types of consumer devices, including small-office/home-office (SOHO) routers, internet protocol (IP) cameras, digital video recorders (DVRs), and network-attached storage (NAS) devices. The malware connected these thousands of infected devices into a botnet, controlled by Integrity Technology Group, which was used to conduct malicious cyber activity disguised as routine internet traffic from the infected consumer devices. The court-authorized operation took control of the hackers’ computer infrastructure and, among other steps, sent disabling commands through that infrastructure to the malware on the infected devices. During the course of the operation, there was an attempt to interfere with the FBI’s remediation efforts through a distributed denial-of-service (DDoS) attack targeting the operational infrastructure that the FBI was utilizing to effectuate the court’s orders. That attack was ultimately unsuccessful in preventing the FBI’s disruption of the botnet.

“The Justice Department is zeroing in on the Chinese government backed hacking groups that target the devices of innocent Americans and pose a serious threat to our national security,” said Attorney General Merrick B. Garland. “As we did earlier this year, the Justice Department has again destroyed a botnet used by PRC-backed hackers to infiltrate consumer devices here in the United States and around the world. We will continue to aggressively counter the threat that China’s state- sponsored hacking groups pose to the American people.”

“Our takedown of this state-sponsored botnet reflects the Department’s all-tools approach to disrupting cyber criminals. This network, managed by a PRC government contractor, hijacked hundreds of thousands of private routers, cameras, and other consumer devices to create a malicious system for the PRC to exploit,” said Deputy Attorney General Lisa Monaco. “Today should serve as a warning to cybercriminals preying on Americans – if you continue to come for us, we will come for you.”

“This dynamic operation demonstrates, once again, the Justice Department’s resolve in countering the threats posed by PRC state-sponsored hackers,” said Assistant Attorney General Matthew G. Olsen of the National Security Division. “For the second time this year, we have disrupted a botnet used by PRC proxies to conceal their efforts to hack into networks in the U.S. and around the world to steal information and hold our infrastructure at risk. Our message to these hackers is clear: if you build it, we will bust it.”

“The disruption of this worldwide botnet is part of the FBI’s commitment to using technical operations to help protect victims, expose publicly the scope of these criminal hacking campaigns, and to use the adversary’s tools against them to remove malicious infrastructure from the virtual battlefield,” said FBI Deputy Director Paul Abbate. “The FBI’s unique legal authorities allowed it to lead an international operation with partners that collectively disconnected this botnet from its China-based hackers at Integrity Technology Group.”

“The targeted hacking of hundreds of thousands of innocent victims in the United States and around the world shows the breadth and aggressiveness of PRC state-sponsored hackers,” said U.S. Attorney Eric G. Olshan for the Western District of Pennsylvania. “This court-authorized operation disrupted a sophisticated botnet designed to steal sensitive information and launch disruptive cyber attacks. We will continue to work with our partners inside and outside government, using every tool at our disposal, to defend and maintain global cybersecurity.”

“The FBI’s investigation revealed that a publicly-traded, China-based company is openly selling its customers the ability to hack into and control thousands of consumer devices worldwide. This operation sends a clear message to the PRC that the United States will not tolerate this shameless criminal conduct,” said Special Agent in Charge Stacey Moy of the FBI San Diego Field Office.

According to the court documents, the botnet was developed and controlled by Integrity Technology Group, a publicly-traded company headquartered in Beijing. The company built an online application allowing its customers to log in and control specified infected victim devices, including with a menu of malicious cyber commands using a tool called “vulnerability-arsenal.” The online application was prominently labelled “KRLab,” one of the main public brands used by Integrity Technology Group.

The FBI assesses that Integrity Technology Group, in addition to developing and controlling the botnet, is responsible for computer intrusion activities attributed to China-based hackers known by the private sector as “Flax Typhoon.” Microsoft Threat Intelligence described Flax Typhoon as nation-state actors based out of China, active since 2021, who have targeted government agencies and education, critical manufacturing, and information technology organizations in Taiwan, and elsewhere. The FBI’s investigation has corroborated Microsoft’s conclusions, finding that Flax Typhoon has successfully attacked multiple U.S. and foreign corporations, universities, government agencies, telecommunications providers, and media organizations.

A cybersecurity advisory describing Integrity Technology Group tactics, techniques and procedures was also published today by the FBI, the National Security Agency, U.S. Cyber Command’s Cyber National Mission Force, and partner agencies in Australia, Canada, New Zealand and the United Kingdom. 

The government’s malware disabling commands, which interacted with the malware’s native functionality, were extensively tested prior to the operation. As expected, the operation did not affect the legitimate functions of, or collect content information from, the infected devices. The FBI is providing notice to U.S. owners of devices that were affected by this court-authorized operation. The FBI is contacting those victims through their internet service provider, who will provide notice to their customers.

The FBI’s San Diego Field Office and Cyber Division, the U.S. Attorney’s Office for the Western District of Pennsylvania, and the National Security Cyber Section of the Justice Department’s National Security Division led the domestic disruption effort. Assistance was also provided by the Criminal Division’s Computer Crime and Intellectual Property Section. These efforts would not have been successful without the collaboration of partners, including French authorities, and Lumen Technologies’ threat intelligence group, Black Lotus Labs, which first identified and described this botnet, which it named Raptor Train, in July 2023.

If you believe you have a compromised computer or device, please visit the FBI’s Internet Crime Complaint Center (IC3) or report online to CISA. You may also contact your local FBI field office directly.

The FBI continues to investigate Integrity Technology Group’s and Flax Typhoon’s computer intrusion activities.

Posted on

Two Acting U.S. Trustees Appointed for Region Encompassing Alaska, Idaho, Montana, Oregon and Washington and for Region Encompassing Colorado, Utah and Wyoming

Source: United States Department of Justice Criminal Division

Attorney General Merrick Garland has appointed two Acting U.S. Trustees, the Executive Office for U.S. Trustees announced today. Under 28 U.S.C. § 585(a), the Attorney General may fill U.S. Trustee vacancies by appointing an Acting U.S. Trustee. 

Jonas V. Anderson has been appointed as the Acting U.S. Trustee for Alaska, Idaho, Montana, Oregon and Washington (Region 18). Anderson replaces Gregory M. Garvin, who has been appointed as the Acting U.S. Trustee for Colorado, Utah and Wyoming (Region 19). Garvin replaces Patrick S. Layng, who is retiring after 36 years of service to the Justice Department, including the last 10 years as the interim U.S. Trustee for Region 19.

The appointments of Anderson and Garvin are effective Sept. 28.

Anderson joined the U.S. Trustee Program (USTP) in 2010 as a trial attorney in the Las Vegas office through the Attorney General’s Honors Program after clerking for Judge Deanell Reece Tacha of the U.S. Court of Appeals for the Tenth Circuit. Anderson has served as the Assistant U.S. Trustee in charge of the USTP’s Eugene, Oregon, office since 2016, and for two years he served as the Acting Assistant U.S. Trustee of the Portland, Oregon, office. He received his Juris Doctor and Master of Legal Letters degrees from Duke University School of Law, a master’s degree from Yale University and a bachelor’s degree magna cum laude from Brigham Young University.

After seven years as the Acting U.S. Trustee in Region 18, Garvin will transition to a similar role in Region 19, where he has already been serving as the Assistant U.S. Trustee for the Denver field office since 2008. Before joining the USTP, Garvin was in private practice in the Kansas City area for 17 years focusing on commercial litigation and bankruptcy matters, including representing debtors in chapter 7 and 13 as well as individuals, small businesses and creditors in chapter 11. He received his bachelor’s degree and his law degree from the University of Kansas.

The USTP’s mission is to promote the integrity and efficiency of the bankruptcy system for the benefit of all stakeholders — debtors, creditors and the public. The USTP consists of 21 regions with 89 field offices nationwide and an Executive Office in Washington, D.C. Learn more about the USTP at www.justice.gov/ust.

Posted on

Defense News: SECNAV Del Toro Names Future John Lewis-class Oiler USNS Dolores Huerta (T-AO 214)

Source: United States Navy

WASHINGTON – Secretary of the Navy Carlos Del Toro announced that the future John Lewis-class oiler, T-AO 205-class, will be named USNS Dolores Huerta (T-AO 214). Del Toro made the announcement during a speaking engagement at the Veteran Affairs Center for Minority Veterans Hispanic Heritage Month Commemorative Event in Washington, Sept. 18.

The future USNS Dolores Huerta honors American labor leader and civil rights activist Dolores Huerta, a central figure in the farmworkers’ labor movement from the 1950s through 1990s.

The naming selection of the future USNS Dolores Huerta (T-AO 214) follows the tradition of naming John Lewis-class oilers after civil rights leaders and will be the first to bear her name. Secretary Del Toro previously named USNS Thurgood Marshall (T-AO 211), USNS Ruth Bader Ginsberg (T-AO 212), and USNS Harriet Tubman (T-AO 213).

“Dolores Huerta has been a leading figure in the Hispanic community and a champion of civil and workers’ rights for over 70 years,” said Secretary Del Toro. “Dolores Huerta dedicated her life to caring for those voiceless and underrepresented—she dedicated her life to taking care of people. I am honored to announce the next John Lewis-Class fleet replenishment oiler, T-AO 214, will be named USNS Dolores Huerta.”

After a brief stint as a public school teacher, Huerta in 1955 co-founded the Stockton chapter of the Community Service Organization to promote voter registration and economic opportunity initiatives for the local Hispanic community.

In 1962, she along with Cesar Chavez, co-founded the National Farm Workers Association, a forerunner of the United Farm Workers. In the 1960s and 1970s, Huerta helped lead local labor strikes and national boycotts of lettuce, grapes, and Gallo wine that improved the working and living standards for farmworkers. During this period, she also coined the phrase that remains the motto of the farmworkers’ labor movement, “Sí, se puede”—“yes, we can.”

From 1988 – 1993, Huerta served on the Commission on Agricultural Workers, established by Congress to review the effects of farmworker and immigration legislation. In 2002, she founded the Dolores Huerta Foundation, a non-profit organization dedicated to empowering other volunteer organizations that pursue social justice.

Over the course of her career, Huerta has received numerous accolades including the Eleanor Roosevelt Human Rights Award in 1998. When President Barack H. Obama awarded Huerta the Presidential Medal of Freedom in 2012, he praised her lifelong devotion to “advocating for marginalized communities.”

The future USNS Dolores Huerta is the tenth ship of the John Lewis Class. The class and lead ship are named in honor of the late civil rights icon Rep. John Lewis from Georgia.
The ships are designed to supply fuel to the Navy’s operating carrier strike groups. The oilers have the ability to carry a load of 162,000 barrels of oil and maintain significant dry cargo capacity.
Find more information about Fleet Replenishment Oilers online.

Posted on

Defense News: SECNAV Del Toro As-Written Remarks at the Department of Veterans Affairs Center for Minority Veterans

Source: United States Navy

Good morning, everyone!

It is wonderful to be here with you today as we celebrate the beginning of Hispanic Heritage Month.

Gabe, thank you for that kind introduction, and for your time as Deputy Chief of Staff in the Office of the Secretary of the Navy! I know you are doing great things at this department.

Chairman Areizaga-Soto, thank you for being here today and for your years of honorable service in the United States Army JAG Corps. Thank you for the important work you do as chairman of the Board of Veterans’ Appeals.

According to your department’s statistics, there are roughly 1.3 million Hispanic American Veterans.

Latinos are the fastest-growing demographic in the military—making up about 17% of all active-duty military.

Nearly one in every four Marines is Hispanic, and Hispanics comprise over 16% of our Navy.

It is important to see ourselves reflected in our leaders.

Because having successful role models who share our heritage empower us to follow in their footsteps or even chart our own courses.

Hispanic Americans have proudly served our military since the nascent beginnings of our Nation—since even before the Revolutionary War—and have served in every battle since.

This Nation was founded on the principles of selfless service.

I want to take a moment to thank the Veterans who are in this room today. If you are serving in our Nation’s armed forces, or if you have served in any capacity, would you please stand and be recognized?

Thank you for your service.

I also want to thank our families who are the backbone of our military.

Service in our military is a family affair, and I am fortunate to have had the support of my wife Betty and our four sons as I navigated a career in the Naval service, a career in the private sector, and once more, service to our Navy and Marine Corps Team.

Following the outbreak of conflict between Israel and Hamas on October 7th, our Sailors and Marines participated in Operation Prosperity Guardian in the Red Sea to deter further escalation and protect innocent commercial shipping against Iranian-aligned Houthi attacks.

When our heroes from the Bataan Amphibious Ready Group and the Eisenhower Carrier Strike Group returned from deployment, Betty and I had the honor and privilege to welcome them home.

Seeing all of the families and friends on the pier for our Sailors and Marines underscored the integral role our families play in our armed forces.

We could not do this job without them.

And because of their support, our Navy and Marine Corps Team serves as a powerful testament of our Nation’s commitment to our allies and partners all around the globe.

All of those in military families, even if you did not wear the uniform yourself, please stand to be recognized.

During this month, we celebrate the rich history, contributions, and service of Hispanic Americans to our Nation.

As I said before, Hispanic Americans have proudly served our Nation since its very founding, and the service of Hispanic Americans in our Navy and Marine Corps is especially notable.

Navy Admiral David Glasgow Farragut, the Navy’s first Hispanic American flag officer—and first flag officer, period—famously led the Union Navy to victory at the Battle of Mobile Bay.

As the ships in his squadron fell back because of risks of tethered mines or “torpedoes,” Admiral Farragut gave the immortal order: “Damn the torpedoes, full speed ahead!”

Sergeant Rafael Peralta was a Mexican immigrant who became a U.S. citizen while serving in the Marine Corps.

During the Second Battle of Fallujah, he sacrificed his life to save his teammates by shielding them from a grenade blast.

USS Rafael Peralta (DDG 115) is currently patrolling the Indo-Pacific, a symbol of our naval power abroad and a tribute to Sergeant Peralta’s bravery and sacrifice.

And Hispanic Americans are at the helm of our Navy and Marine Corps today.

This year, trailblazer Vice Admiral Yvette Davids made history by becoming the first woman and Latina to serve as Superintendent of the United States Naval Academy, where she trains the future leaders of our Navy and Marine Corps.

Sergeant Major Carlos Ruiz, a native of Sonora, Mexico, leads our Marines and Sailors as the 20th Sergeant Major of the Marine Corps.

My Chief of Staff, Chris Diaz, who previously worked for this department, enlisted in the Navy as an Aviation Boatswain’s Mate and deployed with the Harry S. Truman Carrier Strike Group.

He later served as a Fleet Marine Corps Hospital Corpman and deployed with the 6th Marines to Marjah in the Helmand Province of Afghanistan.

And like many of you in the audience today, my “only in America” story began outside of America—in Havana in the early 1960s.

The Castro Regime imprisoned my father, Raul Del Toro, for “counter-revolutionary activities,” and when I was ten months old, my father was paroled while he awaited trial.

During this time, our emergency visas into the United States came through, and with only what we could carry on our backs, we fled to America.

And America greeted us warmly in Miami, Florida.

Like thousands of other Cuban refugees, we called the Freedom Tower—our first stop on the road to freedom—home until we relocated to a tenement building on 42nd Street and 10th Avenue in Hell’s Kitchen, New York, where I grew up.

Growing up in Hell’s Kitchen was just like the musical “West Side Story”—except without the music or the dancing!

Throughout my childhood, both of my parents sacrificed and labored for the sake of their children—they wanted to give us a better life unattainable in Cuba, a life only possible in America.

I watched as they both worked two jobs to support our family.

And my parents’ sacrifice instilled in me a desire to give back to this great Nation which took us in at a time when we were most vulnerable.

In 1979, I left New York to attend the United States Naval Academy in Annapolis, Maryland and began my career of service to this country.

My 22-year naval career included serving as the first commanding officer of the guided-missile destroyer USS Bulkeley (DDG 84), Senior Executive Assistant to the Director for Program Analysis and Evaluation in the Office of the Secretary of the Defense, and Special Assistant to the Director and Deputy Director of the Office of Management and Budget.

And now I am proud to serve as the second highest-ranking Hispanic American in this administration and first Cuban-American Secretary of the Navy.

Service to our Nation is ingrained in the very fabric of this country and does not only mean wearing a uniform.

Service can also be championing causes to improve the lives of other Americans.

Dolores Huerta has been a leading figure in the Hispanic community and a champion of civil and workers’ rights for over 70 years.

In 1955, she co-founded the Stockton chapter of the Community Service Organization to promote voter registration and economic opportunity for the local Hispanic community.

In 1962, she co-founded the National Farm Workers Association and throughout the sixties and seventies, she led labor strikes and national boycotts of products to improve the working and living standards of farmworkers.

She coined the motto of the farmworker labor movement: “Si, se pude!” or “Yes, we can!” for any in the audience who don’t speak Spanish.

Over the course of her career, she received numerous awards and accolades, including being inducted as the first Latina in the National Women’s Hall of Fame in 1993, the Eleanor Roosevelt Human Rights Award in 1998, and the Presidential Medal of Freedom in 2012.

Dolores Huerta dedicated her life to caring for those voiceless and underrepresented—she dedicated her life to taking care of people.

The Department of the Navy instills in its leaders this same care for the Sailors, Marines, civilian mariners, and civilians.

And so, today, I am honored to announce the next John Lewis-Class fleet replenishment oiler, T-AO 214, will be named USNS Dolores Huerta.

The replenishment oiler has an integral role in our Fleet and Force, ensuring our ships’ ability to remain out to sea and operate effectively worldwide.

Dolores Huerta’s work on behalf marginalized communities is truly an inspiration, the future ship bearing her name will inspire all who sail alongside her to live up to the standard she set.

I am proud of our Sailors and Marines who represent everything that is great about our Department of the Navy and indeed our Nation.

It is the honor of a lifetime to serve the one million Sailors, Marines, and DOD civilians as the 78th Secretary of the Navy.

The strength of our Nation is in our people. And we are a stronger, more capable armed forces and nation because of our diverse backgrounds and experience.

I thank all of you for your time today and for your service to this great Nation.

May God bless you and our service men and women stationed all around the world.

Thank you.

Posted on

Oak Street Health Agrees to Pay $60M to Resolve Alleged False Claims Act Liability for Paying Kickbacks to Insurance Agents in Medicare Advantage Patient Recruitment Scheme

Source: United States Department of Justice

Oak Street Health, headquartered in Chicago and a wholly-owned subsidiary of CVS Health since 2023, has agreed to pay $60 million to resolve allegations that it violated the False Claims Act by paying kickbacks to third-party insurance agents in exchange for recruiting seniors to Oak Street Health’s primary care clinics.

The Anti-Kickback Statute prohibits anyone from offering or paying, directly or indirectly, any remuneration — which includes money or any other thing of value — to induce referrals of patients or to provide recommendations of items or services covered by Medicare, Medicaid and other federally funded programs. Under the Medicare Advantage (MA) Program, also known as Part C, Medicare beneficiaries have the option to obtain their health care through privately-operated insurance plans known as MA plans. Some MA Plans contract with health care providers, including Oak Street Health, to provide their plan members with primary care services.

The United States alleged that, in 2020, Oak Street Health developed a program to increase patient membership called the Client Awareness Program. Under the Program, third-party insurance agents contacted seniors eligible for or enrolled in Medicare Advantage and delivered marketing messages designed to generate interest in Oak Street Health. Agents then referred interested seniors to an Oak Street Health employee via a three-way phone call, otherwise known as a “warm transfer,” and/or an electronic submission. In exchange, Oak Street Health paid agents typically $200 per beneficiary referred or recommended. These payments incentivized agents to base their referrals and recommendations on the financial motivations of Oak Street Health rather than the best interests of seniors. The settlement resolves allegations that, from September 2020 through December 2022, Oak Street Health knowingly submitted, and caused the submission of, false claims to Medicare arising from kickbacks to agents that violated the Anti-Kickback Statute.

“Health care providers that attempt to profit from kickbacks will be held accountable,” said Principal Deputy Assistant Attorney General Brian M. Boynton, head of the Justice Department’s Civil Division. “We are committed to rooting out illegal practices committed by Medicare Advantage providers, insurance agents and brokers that undermine the interests of federal health care programs and the patients they serve.”

“Kickbacks, in any form, have no place in our federal healthcare system” said Acting U.S. Attorney Morris Pasqual for the Northern District of Illinois. “My office is alert for kickbacks that can subvert patient choice and defraud federal health care programs. This investigation and settlement help to ensure that patient choice is prioritized above a provider’s bottom line.”

“Kickbacks impose hidden costs on the federal health care system and compromise medical choice and decision-making,” said Special Agent in Charge Mario Pinto of the Department of Health and Human Services Office of the Inspector General (HHS-OIG). “Working determinedly with our law enforcement partners, HHS-OIG will continue to protect the integrity of federal health care programs, and we encourage the public to come forward with information about violative conduct.”

The civil settlement includes the resolution of claims brought under the qui tam or whistleblower provisions of the False Claims Act by Joseph Stinson. Under those provisions, a private party can file an action on behalf of the United States and receive a portion of any recovery. The qui tam case is captioned U.S. ex rel. Stinson v. Oak Street Health, et al., No. 20-cv-7381 (N.D. Ill.). As part of today’s resolution, Mr. Stinson will receive $9.9 million.

The resolution obtained in this matter was the result of a coordinated effort between the Civil Division’s Commercial Litigation Branch, Fraud Section, and the U.S. Attorney’s Office for the Northern District of Illinois, with assistance from HHS-OIG and the FBI.

The investigation and resolution of this matter illustrates the government’s emphasis on combating health care fraud. One of the most powerful tools in this effort is the False Claims Act. Tips and complaints from all sources about potential fraud, waste, abuse and mismanagement can be reported to HHS at 800-HHS-TIPS (800-447-8477).

Trial Attorney David G. Miller of the Justice Department’s Civil Division and Assistant U.S. Attorney Jonathan C. Haile for the Northern District of Illinois handled the matter.

The claims resolved by the settlement are allegations only. There has been no determination of liability.

Settlement