A joint advisory from 16 government agencies across 10 countries warns that China-linked threat actors are systematically compromising routers and IoT devices worldwide to build covert proxy networks (botnets) for espionage, data theft, and disruptive attacks. Groups like Volt Typhoon and Flax Typhoon use these networks strategically and at scale, with some botnets managed by Chinese cybersecurity firms. The Raptor Train network alone infected over 200,000 devices in 2024. Defenders are advised to baseline edge device traffic, implement MFA and zero-trust controls, use IP allowlists, and consider ML-based anomaly detection for SOHO and IoT traffic.