Authorities are advising UK companies to heighten their defenses against a hacking strategy tied to China that involves compromising ordinary gadgets for spying purposes. The UK’s National Cyber Security Centre (NCSC), along with agencies from nine other nations, has issued alerts about ongoing efforts by groups supported by Beijing to infiltrate items like Wi-Fi routers to conduct cyber operations. These setups, referred to as covert networks or botnets, often exploit outdated or unpatched devices as platforms for actions such as monitoring and stealing information. According to the NCSC, this approach is employed by most hackers associated with China. Richard Horne, the NCSC’s chief executive, stated on Wednesday that China’s intelligence and military units demonstrate an extraordinary degree of expertise in their online activities. During the NCSC’s yearly event in Glasgow, he noted: ‘We are confronting not only a skilled cyber adversary but a comparable rival in the digital realm.’ The joint advisory from the NCSC and cybersecurity bodies in nations like the US, Australia, Canada, and Germany highlights a significant change in Chinese methods, now using internet-connected devices to mask the origin of assaults. Routers are the most frequently targeted, but printers and webcams are also at risk. Experts liken routers to virtual private networks, which enable users to hide their whereabouts. They explain that a home Wi-Fi router might serve as a pathway for striking an unrelated large corporation. Although the NCSC’s recommendations are not aimed at the general public who could unknowingly facilitate such spying, they encourage businesses and institutions to implement measures like inventorying their IT infrastructure, including links to home internet services. Additional suggestions include using multifactor authentication, which requires extra verification beyond a password for remote access by employees. Limiting connections to outside devices is also advised. In the advisory released on Thursday, the NCSC stated: ‘The NCSC assesses that most threat actors connected to China utilize these networks, that several such networks exist and are regularly refreshed, and that one network might support multiple operators. These networks primarily consist of hijacked small office or home routers, plus internet-connected devices and smart appliances.’ A group backed by China, known as Volt Typhoon by Western officials, has been identified as employing these hidden networks and has stealthily penetrated critical US facilities, including those in rail, aviation, and water sectors. The NCSC indicated that private Chinese firms now construct and manage these networks. For instance, one Chinese company built a hidden network by compromising 200,000 devices globally. This year, Google revealed it had dismantled a ‘residential proxy’ network where cybercriminals and government-linked actors used infected home and business devices to execute attacks.
