Ethical Hacking News
Covert networks: China's growing threat to global cybersecurity
China-linked threat actors are using covert networks (botnets) to facilitate malicious cyber activity on a massive scale. These networks are built from compromised devices such as routers, IoT devices, firewalls, and network-attached storage (NAS) devices, which sit in homes, businesses, and critical infrastructure worldwide. Some covert networks are controlled and managed by Chinese information security companies, such as Integrity Technology Group. Organizations can reduce their exposure by mapping and baselining their edge device traffic, filtering against dynamic threat feeds, requiring multi-factor authentication, and applying zero-trust security controls.
The global threat landscape has taken a turn for the worse because of the growing sophistication and scale of coordinated attacks by China-linked threat actors. According to a joint advisory released by the UK National Cyber Security Centre (NCSC) and 15 other government agencies from countries including the United States, Australia, Canada, Germany, Japan, the Netherlands, New Zealand, Spain, and Sweden, China-nexus cyber actors have been identified as a major culprit behind the creation and use of covert networks. These covert networks, also known as botnets, are being used to facilitate malicious cyber activity on a massive scale.
The advisory highlights that covert networks of compromised devices, including routers, IoT devices, firewalls, and network-attached storage (NAS) devices, have become an increasingly popular tactic among Chinese threat actors. This is particularly concerning given the widespread use of these devices in homes, businesses, and critical infrastructure around the world.
According to recent FBI assessments, some covert networks are controlled and managed by Chinese information security companies. For instance, Integrity Technology Group was found to be responsible for managing the so-called Raptor Train network, which infected over 200,000 devices worldwide in 2024, including small office/home office (SOHO) routers, internet-connected web cameras, video recorders, firewalls, and NAS devices.
The pattern is not confined to a single group. Volt Typhoon, another China-linked actor, has also been found to route its operations through such covert networks. The NCSC points out, however, that with new botnets regularly built and deployed, a comprehensive catalogue of all known covert networks would be impractical and out of date as soon as it was written.
The practical takeaway from the advisory is therefore to map and baseline edge device traffic, especially VPN and other remote access connections, so that deviations from normal stand out. Organizations should also filter against dynamic threat feeds that carry known covert network indicators, and require multi-factor authentication for remote access, backed by zero-trust controls, IP allow lists, and machine certificate verification.
The advisory further suggests that high-risk organizations proactively hunt for suspicious SOHO and IoT traffic using geographic profiling and machine learning-based anomaly detection. State-sponsored actors are not the only ones relying on these networks: financially motivated crews have also been known to co-opt routers and other connected devices for their own operations.
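The three defensive steps above (baseline edge traffic, filter against a covert-network indicator feed, hunt for geographic and volume outliers) can be run together over remote-access logs. The script below is an added example written for this article; it is not code from the NCSC advisory or from any tool it names. The VPN log lines, the indicator feed (RFC 5737 documentation ranges standing in for real botnet IPs) and the prefix-to-country table are all constructed for the demo, and the "anomaly detection" is a plain z-score on bytes transferred, a statistical stand-in for the machine learning approach the advisory mentions.

```python
"""Baseline VPN logins, match a covert-network indicator feed, and hunt for outliers.

Added example for this article. THREAT_FEED, GEO and the log lines are constructed;
a real deployment would pull the feed dynamically and use a GeoIP database.
"""
import ipaddress
import re
import statistics
from collections import defaultdict

# Constructed indicator feed: documentation prefixes standing in for real covert-network IPs.
THREAT_FEED = [ipaddress.ip_network(c) for c in ("198.51.100.0/24", "203.0.113.0/24")]

# Hypothetical prefix -> country table (stand-in for a GeoIP lookup).
GEO = {
    ipaddress.ip_network("192.0.2.0/24"): "GB",
    ipaddress.ip_network("198.51.100.0/24"): "GB",
    ipaddress.ip_network("203.0.113.0/24"): "US",
    ipaddress.ip_network("100.64.0.0/10"): "BR",
}

# Constructed log format: "<ts> vpn user=<name> src=<ip> bytes=<n>"
LINE = re.compile(r"^(?P<ts>\S+) vpn user=(?P<user>\S+) src=(?P<src>\S+) bytes=(?P<bytes>\d+)$")

# Known-good window used to build per-user profiles (constructed).
BASELINE_LOG = [
    "2026-04-13T08:02:11Z vpn user=alice src=192.0.2.10 bytes=40000",
    "2026-04-14T08:05:40Z vpn user=alice src=192.0.2.10 bytes=42000",
    "2026-04-15T07:58:03Z vpn user=alice src=192.0.2.10 bytes=38000",
    "2026-04-16T08:01:27Z vpn user=alice src=192.0.2.10 bytes=41000",
    "2026-04-13T09:12:00Z vpn user=bob src=192.0.2.55 bytes=15000",
    "2026-04-14T09:10:31Z vpn user=bob src=192.0.2.55 bytes=16000",
    "2026-04-15T09:14:55Z vpn user=bob src=192.0.2.55 bytes=14000",
    "2026-04-16T09:09:12Z vpn user=bob src=192.0.2.55 bytes=15500",
]

# Events to hunt through (constructed), including one malformed line.
NEW_LOG = [
    "2026-04-20T08:03:19Z vpn user=alice src=192.0.2.10 bytes=41000",
    "2026-04-20T23:41:02Z vpn user=alice src=198.51.100.23 bytes=40500",
    "2026-04-21T09:11:44Z vpn user=bob src=100.64.7.9 bytes=15200",
    "2026-04-21T02:17:08Z vpn user=bob src=192.0.2.55 bytes=900000",
    "2026-04-21T03:00:00Z vpn user=carol src=203.0.113.8 bytes=100",
    "this line is not a vpn record",
]


def parse(line):
    """Parse one log line into a dict, or return None if it does not match the format."""
    m = LINE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["bytes"] = int(ev["bytes"])
    ev["ip"] = ipaddress.ip_address(ev["src"])
    return ev


def country(ip):
    return next((cc for net, cc in GEO.items() if ip in net), "??")


def in_feed(ip):
    return any(ip in net for net in THREAT_FEED)


def build_baseline(lines):
    """Per-user profile from the known-good window: countries seen plus byte mean/stdev."""
    per_user = defaultdict(lambda: {"countries": set(), "bytes": []})
    for line in lines:
        ev = parse(line)
        if ev is None:
            continue
        per_user[ev["user"]]["countries"].add(country(ev["ip"]))
        per_user[ev["user"]]["bytes"].append(ev["bytes"])
    return {
        user: {
            "countries": p["countries"],
            "mean": statistics.fmean(p["bytes"]),
            "stdev": statistics.pstdev(p["bytes"]) if len(p["bytes"]) > 1 else 0.0,
        }
        for user, p in per_user.items()
    }


def hunt(lines, baseline, z_threshold=3.0):
    """Return (user, src, reason) findings: feed hits, users with no baseline,
    logins from a country outside the user's profile, and byte-volume outliers."""
    findings = []
    for line in lines:
        ev = parse(line)
        if ev is None:
            continue
        user, ip = ev["user"], ev["ip"]
        if in_feed(ip):
            findings.append((user, ev["src"], "feed_match"))
        prof = baseline.get(user)
        if prof is None:
            findings.append((user, ev["src"], "no_baseline"))
            continue
        cc = country(ip)
        if cc not in prof["countries"]:
            findings.append((user, ev["src"], f"geo_deviation:{cc}"))
        if prof["stdev"] > 0 and abs(ev["bytes"] - prof["mean"]) / prof["stdev"] > z_threshold:
            findings.append((user, ev["src"], "volume_anomaly"))
    return findings


if __name__ == "__main__":
    for finding in hunt(NEW_LOG, build_baseline(BASELINE_LOG)):
        print(finding)
```

The second alice event shows why the feed check is kept separate from geographic profiling: the source sits in a range the GeoIP table places in the user's home country, so only the indicator match catches it. The carol event shows the other gap, an account with no baseline at all, which should be treated as a finding rather than silently skipped.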
The joint advisory underlines the growing threat posed by China-linked actors. Given the sophistication of these attacks and the scale at which they are carried out, organizations around the world need to take proactive steps to defend the edge devices these covert networks depend on.
In light of this information, we will continue to monitor the situation closely and provide further updates as necessary.
Related Information:
https://www.ethicalhackingnews.com/articles/C-covert-Networks-Chinas-Growing-Threat-to-Global-Cybersecurity-ehn.shtml
https://go.theregister.com/feed/www.theregister.com/2026/04/23/china_covert_networks/
https://www.csoonline.com/article/4064737/chinese-hackers-breached-critical-infrastructure-globally-using-enterprise-network-gear.html
https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-239a
Published: Thu Apr 23 17:06:47 2026 by llama3.2 3B Q4_K_M