U.S. and allied agencies warned that Chinese state-linked cyber actors are shifting toward large, externally provisioned covert networks composed of compromised SOHO routers, IoT, and smart devices to conduct reconnaissance, malware delivery, and espionage. The advisory cites examples such as the Raptor Train botnet and groups such as Volt Typhoon and Flax Typhoon, and urges stronger defenses, including active hunting, network mapping, and blocklists. #VoltTyphoon #RaptorTrain
Key points
- Chinese-linked actors are increasingly using large covert networks of compromised SOHO routers, IoT, and smart devices.
- Multiple covert networks exist, are constantly updated, and may be used by different threat actors at the same time.
- Covert networks give these actors low-cost, deniable infrastructure for reconnaissance, malware delivery, and data theft.
- Notable examples include the Raptor Train botnet and operations attributed to Volt Typhoon and Flax Typhoon.
- Agencies recommend actively hunting for and mapping covert networks, using threat reporting to build blocklists, and strengthening general defenses.
Read More: https://cyberscoop.com/china-nexus-covert-networks-advisory/