Ten countries have jointly warned that China-linked hackers are using everyday internet devices, home routers, web cameras, and smart gadgets to carry out hidden malicious activity.
Britain’s National Cyber Security Centre (NCSC) published the advisory on April 23, alongside 15 partner agencies from the United States, Australia, Canada, Germany, Japan, the Netherlands, New Zealand, Spain, and Sweden.
Cyber actors linked to the Chinese state have abandoned their own infrastructure for large networks of hacked devices, known as “covert networks” or “botnets,” the NCSC said.
These covert networks are mostly made up of compromised small office and home office routers, plus internet‑connected smart devices. The hackers have used these networks to target critical sectors globally, steal sensitive data, and maintain long‑term access to victim systems.
At least two Chinese state‑sponsored groups, Volt Typhoon and Flax Typhoon, have been identified as abusers of these networks. The NCSC believes most China‑linked threat actors now rely on covert networks, which they constantly update and often share across multiple groups.
“In recent years, we have seen a deliberate shift in cyber groups based in China utilising these networks to hide their malicious activity in an attempt to avoid accountability,” NCSC’s director of operations, Paul Chichester, said.
One network, Raptor Train, infected more than 200,000 devices worldwide in 2024 and was controlled by Chinese company Integrity Technology Group. The FBI assessed that the company was responsible for computer intrusions attributed to China‑based hackers. Another network, the KV Botnet used by Volt Typhoon, consisted largely of outdated Cisco and NetGear routers that no longer receive security updates.
Attacks using covert networks are hard to detect because evidence can vanish quickly, the NCSC warned. Officials urge organisations to map and monitor network edge devices—especially those used for remote access—and to turn on two‑factor authentication.
A spokesperson for the Chinese Embassy in Britain rejected the claims, calling them “completely unfounded” and “baseless smears and attacks against China.”
The advisory was released on the second day of the UK government’s CYBERUK 2026 conference in Glasgow. It is the latest in a series of joint warnings about China‑linked cyber activity.
Reuters contributed to this report.
Friends Read Free
Copy
Facebook
Tweet
