UK Warns of Sophisticated Chinese Hackers Evading Detection Through Proxy Networks


Chinese Hackers Utilize Large-Scale Proxy Networks

The United Kingdom’s National Cyber Security Centre (NCSC-UK) has issued a warning about Chinese hackers employing large-scale proxy networks of hijacked consumer devices to evade detection and mask their malicious activities.

Botnets Comprised of Compromised Devices

In a joint advisory with international partners, including the US, Australia, Canada, Germany, Japan, the Netherlands, New Zealand, Spain, and Sweden, the agency highlights the increasing use of vast botnets composed of compromised small office and home office (SOHO) routers, internet-of-things (IoT) devices, and network-attached storage (NAS) equipment.

According to the advisory, “most Chinese hacking groups have shifted from using individually procured infrastructure to leveraging vast networks of compromised devices, which are constantly updated.”

Raptor Train Botnet: A Notable Example

One notable example cited in the advisory is the Raptor Train botnet, which infected over 260,000 devices worldwide in 2024 and was linked to malicious activity attributed to the Chinese state-sponsored Volt Typhoon threat group.

  • The FBI disrupted Raptor Train in September 2024, with assistance from researchers at Black Lotus Labs.
  • Separately, the agency also disrupted the KV-Botnet, which was used by Volt Typhoon and consisted mostly of outdated Cisco and Netgear routers.

Traditional Defenses Becoming Less Effective

The advisory emphasizes that traditional defenses based on blocking static lists of malicious IP addresses are becoming less effective due to the continuous addition of new compromised nodes to these botnets.

Western intelligence agencies warn that these botnets pose a significant threat to the UK and other countries by exploiting vulnerabilities in everyday internet-connected devices, potentially leading to large-scale cyber attacks.

Prioritizing Robust Cybersecurity Measures

To combat this threat, organizations are urged to prioritize robust cybersecurity measures.


