Today we have released a joint advisory with the UK’s National Cyber Security Centre and international partners, highlighting a shift in the tactics, techniques and procedures (TTPs) used by China‑nexus threat actors to target organisations.
China-nexus cyber actors have moved from using individually procured infrastructure to operating large-scale "covert networks": botnets built from compromised routers and other edge devices, through which their traffic is relayed.
Operating at scale, these covert networks enable attacks against critical sectors globally, facilitate the theft of sensitive data, and support sustained access.
The advisory also warns that network defenders face "IOC extinction": indicators of compromise such as relay IP addresses disappear as quickly as they are discovered, because the covert network rotates through compromised devices. Static blocklists therefore offer little lasting protection, and defenders need more adaptive, intelligence-driven measures that focus on behaviour rather than individual indicators.
We strongly recommend that organisations of all sizes implement the mitigations outlined in this advisory, including mapping and baselining edge device traffic and applying zero trust measures, to reduce their exposure to China-nexus covert network attacks.
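One way to start on the "map and baseline edge device traffic" mitigation, as an added example that is not part of the advisory or of any partner agency's tooling: the script below learns, from a window of flow records, which destinations and ports each edge device normally talks to and how large its flows get, then flags flows to never-seen peers, volume spikes towards known peers, and traffic from devices that were never inventoried. The flow record fields, device names and addresses are constructed for the example (addresses are from the RFC 5737 documentation ranges).

```python
"""Baseline egress from edge devices and flag deviations.

Added illustration, not code from the advisory. The flow records below are
constructed; the field names (device, dst, dport, nbytes) are assumed and
would map onto whatever NetFlow/IPFIX or firewall export you actually have.
"""
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Dict, Iterable, List, Set, Tuple


@dataclass(frozen=True)
class Flow:
    device: str   # edge device that originated the flow (router, VPN gateway, firewall)
    dst: str      # destination IP address
    dport: int    # destination port
    nbytes: int   # bytes sent by the device in this flow


@dataclass
class Baseline:
    peers: Set[Tuple[str, int]] = field(default_factory=set)  # (dst, dport) pairs seen
    max_bytes: int = 0                                         # largest single flow seen


# Constructed learning window: a router that only ever talks to its NTP and
# DNS servers and to one vendor update host.
LEARNING_FLOWS = [
    Flow("edge-rtr-01", "192.0.2.10", 123, 200),
    Flow("edge-rtr-01", "192.0.2.10", 123, 180),
    Flow("edge-rtr-01", "192.0.2.53", 53, 300),
    Flow("edge-rtr-01", "198.51.100.20", 443, 50_000),
    Flow("edge-rtr-01", "198.51.100.20", 443, 48_000),
]

# Constructed observation window: one normal DNS lookup, a connection to a
# never-seen host, an oversized transfer to a known host, and a device that
# was never baselined at all.
OBSERVED_FLOWS = [
    Flow("edge-rtr-01", "192.0.2.53", 53, 280),
    Flow("edge-rtr-01", "203.0.113.77", 443, 4_000),
    Flow("edge-rtr-01", "198.51.100.20", 443, 900_000),
    Flow("edge-vpn-02", "203.0.113.78", 8443, 1_200),
]


def build_baseline(flows: Iterable[Flow]) -> Dict[str, Baseline]:
    """Learn the normal peer set and flow size for each edge device."""
    baseline: Dict[str, Baseline] = defaultdict(Baseline)
    for f in flows:
        b = baseline[f.device]
        b.peers.add((f.dst, f.dport))
        b.max_bytes = max(b.max_bytes, f.nbytes)
    return dict(baseline)


def detect_deviations(
    baseline: Dict[str, Baseline],
    flows: Iterable[Flow],
    volume_factor: float = 3.0,
) -> List[Tuple[str, str, Flow]]:
    """Return (alert_kind, detail, flow) for every flow that leaves the baseline.

    No indicator list is consulted: a relay address the actor has never used
    before still trips the new_peer check, which is the point when IOCs rotate.
    """
    alerts: List[Tuple[str, str, Flow]] = []
    for f in flows:
        b = baseline.get(f.device)
        if b is None:
            # Traffic from an edge device that was never inventoried.
            alerts.append(("unknown_device", f.device, f))
            continue
        if (f.dst, f.dport) not in b.peers:
            alerts.append(("new_peer", f"{f.dst}:{f.dport}", f))
        if f.nbytes > volume_factor * b.max_bytes:
            # Known peer, but a transfer far larger than anything seen during learning.
            alerts.append(
                ("volume_spike", f"{f.nbytes} bytes > {volume_factor}x{b.max_bytes}", f)
            )
    return alerts


def run_example() -> List[Tuple[str, str, Flow]]:
    """Baseline on the learning window, then check the observation window."""
    return detect_deviations(build_baseline(LEARNING_FLOWS), OBSERVED_FLOWS)


if __name__ == "__main__":
    for kind, detail, flow in run_example():
        print(f"{kind:15} {flow.device:12} {detail}")
```

In practice the learning window would be days of exports rather than five records, and the thresholds would be tuned per device class, but the structure is the point: the alert fires on a departure from the device's own behaviour, so it keeps working after the relay address in an IOC feed has already been replaced.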