China-nexus cyber actors have moved from using individually procured infrastructure to operating large scale “covert networks” – botnets built from compromised routers, and other edge devices, says the UK official NCSC (National Cyber Security Centre), a part of the Government agency GCHQ.
The NCSC suggests two-factor authentication for remote access and, where possible, ‘zero trust’ controls on IT access. The cyber attacks aim at stealing sensitive data and potentially disrupting critical services. The NCSC points out that those relying solely on static defences risk being bypassed, because indicators of compromise disappear as quickly as they are found. For the NCSC’s advisory in full visit the NCSC website.
Comment
Rob Demain, CEO of the cyber consultancy e2e-assure commented that this advisory reinforced something understood for some time: ‘the threat from China-nexus actors is persistent, patient, and increasingly sophisticated in how it conceals itself’. He said: “Groups such as Volt Typhoon and Flax Typhoon use compromised SOHO routers and IoT devices as a deliberate geo-positioning strategy, routing traffic through local home connections, or even a senior employee’s home internet router, to present as a trusted, legitimate user. This is the nearest-neighbour attack scaled globally.
