China uses compromised everyday devices for state-sponsored hacking operations
Chinese State Actors Shift to Covert Networks Built from Compromised Devices
The National Cyber Security Centre (NCSC) has issued a warning about a significant shift in tactics by Chinese state actors, who are now relying on covert networks built from compromised devices.
Main Findings:
- China-linked threat actors have moved away from individually procured infrastructure to building large-scale covert networks.
- These networks consist of compromised routers and other edge devices, posing a substantial threat to organizations worldwide.
- The NCSC recommends organizations map and baseline traffic from edge devices, especially VPN and remote access connections, to mitigate this threat.
- The NCSC also suggests adopting dynamic threat feed filtering that incorporates known covert network indicators.
According to the NCSC, most China-nexus groups rely on these covert networks, which are continually updated and often used by multiple groups simultaneously.
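The two concrete mitigations above, baselining remote-access traffic per user and filtering that traffic against a covert-network indicator feed, can be combined in one detection pass. The following Python is an added example written for this page, not NCSC tooling or a real feed: the log format, the user names, the IP ranges (all from documentation ranges) and the indicator list are constructed for illustration, and the choice of /24 as the baselining granularity is an assumption.

```python
"""Baseline VPN/remote-access logins per user, then flag logins that either
come from a new source range or match a covert-network indicator feed.
Everything below (log format, users, IPs, feed) is constructed sample data."""
import re
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed syslog-style line format for a hypothetical VPN gateway.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) vpn-gw\d+ auth: user=(?P<user>\S+) "
    r"src=(?P<src>[\d.]+) result=(?P<result>\S+)$"
)


@dataclass
class Event:
    ts: str
    user: str
    src: str
    result: str


def parse_line(line):
    """Return an Event for a well-formed line, None for anything else."""
    m = LOG_RE.match(line.strip())
    return Event(**m.groupdict()) if m else None


def build_baseline(events):
    """Map user -> set of /24 networks seen in successful logins.

    Aggregating to /24 (an assumed heuristic) tolerates the address churn
    of home connections without treating every new IP as an anomaly."""
    baseline = defaultdict(set)
    for e in events:
        if e.result == "success":
            baseline[e.user].add(ip_network(f"{e.src}/24", strict=False))
    return baseline


def load_indicators(lines):
    """Parse a feed fragment: one IP or CIDR per line, '#' starts a comment."""
    nets = []
    for ln in lines:
        ln = ln.split("#", 1)[0].strip()
        if ln:
            nets.append(ip_network(ln, strict=False))
    return nets


def match_indicator(src, indicators):
    """Return the first indicator network containing src, or None."""
    addr = ip_address(src)
    return next((n for n in indicators if addr in n), None)


def detect(events, baseline, indicators):
    """Return (ts, user, src, reasons) for every event worth reviewing.

    An indicator match is reported even for failed logins (the attempt itself
    is the signal); a new-source finding only applies to successful logins."""
    findings = []
    for e in events:
        reasons = []
        hit = match_indicator(e.src, indicators)
        if hit is not None:
            reasons.append(f"indicator:{hit}")
        known = any(ip_address(e.src) in n for n in baseline.get(e.user, ()))
        if e.result == "success" and not known:
            reasons.append("new-source")
        if reasons:
            findings.append((e.ts, e.user, e.src, reasons))
    return findings


# Constructed baseline window: two users, each with an established range.
BASELINE_LOGS = """\
2024-05-01T08:02:11Z vpn-gw1 auth: user=alice src=198.51.100.23 result=success
2024-05-02T08:05:40Z vpn-gw1 auth: user=alice src=198.51.100.41 result=success
2024-05-01T09:10:02Z vpn-gw1 auth: user=bob src=203.0.113.9 result=success
2024-05-03T07:55:13Z vpn-gw1 auth: user=bob src=203.0.113.9 result=failure
""".splitlines()

# Constructed indicator feed fragment; not a real covert-network list.
INDICATOR_FEED = """\
# hypothetical covert-network indicators
192.0.2.0/24
198.51.100.77
""".splitlines()

# Constructed detection window, including one malformed line to be skipped.
NEW_LOGS = """\
2024-05-10T08:01:03Z vpn-gw1 auth: user=alice src=198.51.100.23 result=success
2024-05-10T23:14:55Z vpn-gw1 auth: user=alice src=192.0.2.150 result=success
2024-05-11T02:40:09Z vpn-gw1 auth: user=alice src=198.51.100.77 result=success
2024-05-11T03:20:17Z vpn-gw1 auth: user=bob src=203.0.114.5 result=success
2024-05-11T04:05:44Z vpn-gw1 auth: user=bob src=192.0.2.9 result=failure
this line is not a login record
""".splitlines()


def run_example():
    """Build the baseline from BASELINE_LOGS and scan NEW_LOGS against it."""
    base_events = [e for e in map(parse_line, BASELINE_LOGS) if e]
    new_events = [e for e in map(parse_line, NEW_LOGS) if e]
    baseline = build_baseline(base_events)
    indicators = load_indicators(INDICATOR_FEED)
    return detect(new_events, baseline, indicators)


if __name__ == "__main__":
    for ts, user, src, reasons in run_example():
        print(ts, user, src, ", ".join(reasons))
```

Two points are worth noting in the output. The login from 198.51.100.77 falls inside alice's established /24, so baselining alone would never have surfaced it; only the indicator match does, which is why the NCSC pairs the two controls. And because the compromised SOHO devices that make up these networks change frequently, a static indicator list goes stale quickly, so the feed has to be refreshed on a schedule rather than loaded once.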
Key Details:
- Covert networks are primarily constructed from small office/home office (SOHO) routers, Internet of Things (IoT), and smart devices.
- The scale of these networks is vast, with numerous networks being created and deployed regularly.
- Existing networks are frequently modified, for example in response to defensive or legal action against them, or when updates and new exploits targeting specific technologies are introduced.
The NCSC Director of Operations, Paul Chichester, noted that defending against attackers using covert networks is not straightforward and requires varying defensive strategies depending on the level of resources and the nature of the target organization.
Recommendations:
- Maintain awareness of the evolving threat landscape and adjust defenses accordingly.
- Implement robust monitoring and detection capabilities to identify potential threats.
- Develop incident response plans to address potential attacks.
