cross-posted from: https://mander.xyz/post/50988211
Here is the report, Defending against China-nexus covert networks of compromised devices (pdf).
A majority of China-linked threat actors are using compromised routers and IoT devices worldwide, turning this gear into proxy networks to carry out further intrusions, steal sensitive data, and disrupt victim organizations’ operations, according to a joint 10-country advisory.
“Anyone who is a target of China-nexus cyber actors may be impacted by the use of covert networks,” the security advisory warned. It was jointly released by the UK National Cyber Security Centre (NCSC) and 15 other government agencies from the United States, Australia, Canada, Germany, Japan, the Netherlands, New Zealand, Spain, and Sweden.
“The use of covert networks of compromised devices - also known as botnets - to facilitate malicious cyber activity is not new, but China-nexus cyber actors are now using them strategically, and at scale,” according to the alert.
Some of these covert networks are created and maintained by Chinese information security companies, the advisory says. For example, China’s Integrity Technology Group controlled and managed the so-called Raptor Train network, which in 2024 infected more than 200,000 devices worldwide, including small office home office (SOHO) routers, internet-connected web cameras and video recorders, plus firewalls and network-attached storage (NAS) devices.
…
compromised routers and IoT devices
I mean, that’s kind what you’d expect if you stick devices on the Internet and then they don’t get updates.
I bet that the percentage of IoT devices on networks that are actively-maintained and getting updates is not incredibly high.
