CISA and allied security agencies have issued an advisory warning that China-nexus threat groups, including Volt Typhoon and Flax Typhoon, are increasingly using large botnets of compromised SOHO routers, IoT devices, and smart devices to conduct cyber espionage and infiltrate critical infrastructure. These covert networks, some exceeding 200,000 infected devices, allow attackers to disguise their origin, evade detection, and operate with deniability. The Raptor Train botnet, managed by Chinese firm Integrity Technology Group, and the KV Botnet used by Volt Typhoon are highlighted as examples. Security experts warn that enterprises are underestimating IoT device security risks, as compromised devices grant attackers trusted network positions that bypass geographic IP filtering and behavioral detection.