State-backed cyber actors linked to China are reshaping the way modern cyberattacks are carried out by shifting away from traditional infrastructure and instead exploiting everyday internet devices. According to new guidance from the National Cyber Security Centre in collaboration with the Cyber League, these groups are increasingly hijacking routers and edge devices to build large, covert botnets that help conceal their operations.

Rather than investing in traceable servers, attackers are taking control of thousands of home and small-business routers. These compromised devices are then used as a hidden network that supports every phase of a cyberattack. From scanning targets and identifying vulnerabilities to launching attacks and maintaining persistence, the entire operation is routed through devices owned by unsuspecting users, making attribution extremely difficult.

The biggest concern with this approach is how dynamic and adaptable these networks are. Because the infrastructure is made up of compromised third-party devices, attackers can easily reshape or abandon their networks at any time. This not only reduces operational costs but also provides plausible deniability, as malicious activity appears to originate from legitimate sources.

This constantly shifting infrastructure is rendering traditional defense mechanisms increasingly ineffective. Many organizations still rely on static IP blocklists, but these methods struggle to keep up with rapidly changing attack patterns. As these covert networks evolve, defenders are facing a growing challenge known as indicator of compromise extinction, where known malicious indicators quickly become outdated before they can be acted upon.

The impact of these campaigns is already being felt globally, particularly in the UK and elsewhere, where organizations are being targeted for sensitive data theft and potential service disruption. Experts warn that companies relying solely on outdated security practices face a significantly higher risk of being breached.

To address these evolving threats, cybersecurity authorities are urging organizations to adopt more adaptive and intelligence-driven defenses. This includes closely monitoring traffic across edge devices and remote access points, implementing dynamic threat intelligence feeds, strengthening authentication systems, and adopting zero-trust security models. As cyber threats continue to evolve, organizations must move beyond static defenses and embrace more proactive security strategies to stay protected.
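As an added illustration of the "indicator extinction" problem described above (this is not code from the guidance or from the article), the script below runs a few constructed access-log lines against a constructed indicator feed twice: once as a static blocklist, and once with a confidence score that decays as the indicator ages without a fresh sighting. The half-life, confidence floor, addresses and timestamps are all assumed values chosen for the example.

```python
"""Static blocklist versus time-decayed indicators (constructed example)."""
from datetime import datetime, timedelta, timezone

# Constructed threat-intel feed: indicator -> (last_seen in UTC, confidence 0-100).
# These addresses are documentation ranges and the dates are made up.
FEED = {
    "203.0.113.10": (datetime(2025, 1, 1, tzinfo=timezone.utc), 90),
    "198.51.100.7": (datetime(2025, 1, 28, tzinfo=timezone.utc), 80),
    "192.0.2.44": (datetime(2025, 1, 30, tzinfo=timezone.utc), 60),
}
STATIC_BLOCKLIST = set(FEED)  # a static list keeps every entry forever

# Constructed log lines in the form "<timestamp> <src_ip> <path>".
LOG = """2025-01-31T10:00:00Z 203.0.113.10 /vpn/login
2025-01-31T10:05:00Z 198.51.100.7 /vpn/login
2025-01-31T10:06:00Z 192.0.2.44 /admin
2025-01-31T10:07:00Z 10.0.0.5 /"""

HALF_LIFE = timedelta(days=7)  # assumed: confidence halves per week without a sighting
FLOOR = 30                     # assumed: below this the indicator is treated as expired


def decayed_confidence(last_seen, base, now, half_life=HALF_LIFE):
    """Exponential decay of confidence with time elapsed since the last sighting."""
    age = max(now - last_seen, timedelta(0))
    return base * 0.5 ** (age / half_life)


def evaluate(now, feed=FEED, log=LOG):
    """Return (static_hits, live_hits, expired) for the log lines.

    static_hits: every source that a static blocklist would flag.
    live_hits:   (source, decayed confidence) pairs still above the floor.
    expired:     sources the static list flags but whose indicator has aged out.
    """
    static_hits, live_hits, expired = [], [], []
    for line in log.splitlines():
        _ts, src, _path = line.split(" ", 2)
        if src not in feed:
            continue
        static_hits.append(src)
        last_seen, base = feed[src]
        conf = decayed_confidence(last_seen, base, now)
        if conf >= FLOOR:
            live_hits.append((src, round(conf)))
        else:
            expired.append(src)
    return static_hits, live_hits, expired
```

With the sample data, the static list fires on all three feed addresses, while the decayed view drops the month-old indicator, which is the kind of entry that, on a compromised consumer router, may long since have been cleaned or reassigned.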
