The UK’s National Cyber Security Centre (NCSC) joint advisory highlights the risk of malicious cyber actors exploiting internet-connected devices to form a botnet.
NCSC, a part of the UK’s GCHQ, issued a new advisory alongside partners in the US, Australia, Canada, and New Zealand which reveals how a company based in China with links to China’s government has managed a botnet made up of over 260,000 compromised devices around the world.
Go deeper with GlobalData
A botnet is a network of internet-connected devices that are infected with malware and controlled by a group to conduct coordinated cyber attacks without the owners’ knowledge.
Paul Chichester, NCSC director of operations, said: “Botnet operations represent a significant threat to the UK by exploiting vulnerabilities in everyday internet-connected devices with the potential to carry out large-scale cyber attacks.
“Whilst the majority of botnets are used to conduct coordinated DDoS attacks, we know that some also have the ability to steal sensitive information.”
The compromised devices include routers, firewalls, and Internet of Things (IoT) devices, including webcams and CCTV cameras which can then be used by the actors for a variety of malicious purposes, such as anonymous malware delivery and distributed denial of service (DDoS) attacks.
How well do you really know your competitors?
Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.
Thank you!
Your download email will arrive shortly
Not ready to buy yet? Download a free sample
We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form
By GlobalDataThe advisory names Integrity Technology Group as responsible for controlling and managing the botnet, which has been active since mid-2021, and has been used by the malicious cyber actor commonly known as Flax Typhoon.
The advisory shares technical details and mitigation advice to help defend against malicious activity delivered through this botnet. It also highlights the risk to owners of how unpatched and end-of-life equipment can be exploited by malicious cyber actors.
As with similar botnets, the botnet described in this advisory is composed of a network of devices, known as bots, which are infected with a type of malware that provides threat actors with unauthorised remote access.
To recruit a new ‘bot’, the botnet system first compromised an internet-connected device using a known vulnerability exploit which then provides access to establish a remote command and control execution.
Eric Knapp, CTO at Opswat said the advisory, “highlights a clear supply chain risk, specifically how compromised hardware, often sourced from particular countries of origin, can be leveraged for nation-state cyber-espionage activities.
“Organisations must not only discover all assets connected to their network but also deeply understand them. For example, does that PC have a network interface card from a potentially hostile nation? Asset owners need this level of visibility to defend against threats.”
