China · The Register
Chinese attackers are pwning your infrastructure to tap in attacks, 10 countries warn
Compiled by KHAO Editorial — aggregated from 1 outlet.
A majority of China-linked threat actors are using compromised routers and IoT devices worldwide, turning this gear into proxy networks to carry out further intrusions, steal sensitive data, and disrupt victim organizations’ operations, according to a joint 10-country advisory.
Key facts
- The FBI previously assessed Integrity Technology Group to be responsible for computer intrusion activity attributed to Flax Typhoon
- A majority of China-linked threat actors are using compromised routers and IoT devices worldwide, turning this gear into proxy networks to carry out further intrusions, steal sensitive data, and disrupt victim organizations’ operations
- Implement multi-factor authentication for remote access along with zero-trust security controls, IP allow lists, and machine certificate verification, if possible
- The governments also suggest large and high-risk organizations consider proactively hunting suspicious SOHO and IoT traffic, using geographic profiling and machine-learning-based anomaly detection
Summary
"Anyone who is a target of China-nexus cyber actors may be impacted by the use of covert networks," the security advisory warned. "The use of covert networks of compromised devices - also known as botnets - to facilitate malicious cyber activity is not new, but China-nexus cyber actors are now using them strategically, and at scale," according to the alert. Some of these covert networks are created and maintained by Chinese information security companies, the advisory says. The FBI previously assessed Integrity Technology Group to be responsible for computer intrusion activity attributed to Flax Typhoon.