U.S. and U.K. cyber authorities, backed by a broad coalition of international partners, have issued a joint advisory warning that China-linked threat actors are operating large, covert networks built from compromised home, small-office, and internet-of-things devices, and urging organizations to harden their edge infrastructure.
The guidance, published by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC-UK), details how state-backed groups assemble botnets from weakly secured routers and IoT equipment to mask their origins and enable espionage, intrusions, command-and-control, and data theft. It highlights activity attributed to clusters commonly tracked as Volt Typhoon and Flax Typhoon.
“Working closely with U.S. and international partners, CISA continues to identify and warn organizations of Chinese state-sponsored cyber actors threatening critical infrastructure. This advisory informs organizations of how these actors are strategically using numerous, evolving covert networks at scale for malicious cyber activity,” said CISA Acting Director Nick Andersen. “CISA strongly encourages organizations to review and implement appropriate mitigation measures to defend their devices from this threat. Every day, CISA works to empower organizations with actionable information to strengthen their security and resilience against cyber threats.”
The advisory provides step-by-step guidance to help defenders identify, baseline, and mitigate activity from dynamic, deniable proxy networks. Recommended measures include cataloging and understanding all edge devices and what should connect to them; establishing baselines for normal connections—particularly to VPNs and similar remote-access services; maintaining robust log collection and retention to detect and investigate unauthorized access attempts; and enforcing multifactor authentication on remote connections.
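
The baselining and MFA measures above, sketched as an added example (not taken from the advisory or from any CISA or NCSC tooling): it learns each user's usual VPN source networks from a learning window, then flags later logins from unfamiliar networks or without MFA. The log format, the /24 grouping, the cutoff date and all function names are assumptions, and the sample log is constructed.

```python
import ipaddress

# Constructed sample VPN authentication log (format and values are assumptions).
# Addresses come from the RFC 5737 documentation ranges.
LOG = """\
2025-01-06T08:01:12Z user=alice src=198.51.100.23 result=success mfa=yes
2025-01-07T08:03:40Z user=alice src=198.51.100.87 result=success mfa=yes
2025-01-07T09:15:02Z user=bob src=203.0.113.5 result=success mfa=yes
2025-01-08T08:00:55Z user=bob src=203.0.113.5 result=success mfa=yes
2025-01-20T02:14:09Z user=alice src=192.0.2.44 result=success mfa=no
2025-01-20T02:20:31Z user=bob src=192.0.2.44 result=failure mfa=no
2025-01-20T08:02:10Z user=alice src=198.51.100.30 result=success mfa=yes
"""

def parse(line):
    """Split one log line into a dict and add the source's /24 network."""
    ts, *fields = line.split()
    rec = dict(f.split("=", 1) for f in fields)
    rec["ts"] = ts
    # Grouping by /24 is an assumption; ASN or provider would also work.
    rec["net"] = ipaddress.ip_network(rec["src"] + "/24", strict=False)
    return rec

def build_baseline(records):
    """Map each user to the networks they logged in from successfully."""
    baseline = {}
    for r in records:
        if r["result"] == "success":
            baseline.setdefault(r["user"], set()).add(r["net"])
    return baseline

def review(records, baseline):
    """Return (ts, user, src, reasons) for events that deviate from baseline."""
    findings = []
    for r in records:
        reasons = []
        if r["net"] not in baseline.get(r["user"], set()):
            reasons.append("source network not in user baseline")
        if r["result"] == "success" and r["mfa"] != "yes":
            reasons.append("successful login without MFA")
        if reasons:
            findings.append((r["ts"], r["user"], r["src"], reasons))
    return findings

def run(log=LOG, cutoff="2025-01-15"):
    """Learn from events before the cutoff, review events from it onward."""
    records = [parse(l) for l in log.splitlines() if l.strip()]
    learn = [r for r in records if r["ts"] < cutoff]
    watch = [r for r in records if r["ts"] >= cutoff]
    return review(watch, build_baseline(learn))
```

Calling `run()` on the sample returns two findings, both for the same unfamiliar source address; the later login from a known network with MFA is not flagged.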
The document is co-sealed by the Federal Bureau of Investigation, National Security Agency, and the Department of Defense Cyber Crime Center, alongside partner agencies from Australia, Canada, Germany, the Netherlands, New Zealand, Japan, Spain, and Sweden.
CISA directs organizations to its China Threat Overview and Advisories for additional context on Chinese government-linked activity, and to its Edge Device Security resources for hardening guidance.






