UK Warns of Chinese Hackers Using Proxy Networks to Evade Detection

The UK warns of a rising threat from Chinese hackers using proxy networks of hijacked devices. This tactic complicates detection and poses serious cybersecurity risks. Organizations must enhance their defenses against these evolving threats.


Original Reporting

BleepingComputer · Sergiu Gatlan

AI Summary

CyberPings AI · Reviewed by Rohit Rana

🎯 Basically, Chinese hackers are using hijacked devices to hide their online attacks.

What Happened

The United Kingdom's National Cyber Security Centre (NCSC-UK) has issued a warning about Chinese hackers increasingly using large-scale proxy networks made up of hijacked consumer devices. The advisory, supported by international partners, highlights a shift from individually operated infrastructure to massive botnets consisting mainly of small office and home office (SOHO) routers, internet-connected cameras, and other IoT devices.

The Threat

These botnets enable hackers to route their traffic through multiple compromised devices, effectively disguising their malicious activities. The NCSC believes that many threat actors from China are employing these networks, which are continuously updated and can be used by multiple groups simultaneously. This method complicates detection efforts significantly.

Who's Behind It

One notable example is the Raptor Train botnet, which infected over 260,000 devices globally and was linked to the Chinese state-sponsored Flax Typhoon hacking group. Another network, the KV-Botnet, was associated with the Volt Typhoon group, primarily targeting vulnerable Cisco and Netgear routers that lacked security updates.

Tactics & Techniques

Traditional defense strategies that rely on blocking static IP addresses are becoming less effective against these dynamic botnets. The advisory emphasizes the need for network defenders to adopt more robust security measures, including:

  • Implementing multifactor authentication
  • Mapping network edge devices
  • Utilizing dynamic threat feeds
  • Applying IP allowlists and zero-trust controls
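As an added illustration of the last two items (example code, not from the advisory or the article), the Python below shows why a static IP blocklist lags a churning proxy network: it checks constructed login events against a stale blocklist snapshot and against a time-windowed dynamic feed, with an allowlisted egress range taking precedence. All IPs, users, timestamps and the feed format are constructed for the example.

```python
import ipaddress
from datetime import datetime, timedelta

NOW = datetime.fromisoformat("2024-05-01T10:30:00")

# Constructed dynamic feed: (proxy-node IP, last time the node was seen relaying).
FEED = [
    ("203.0.113.10", "2024-05-01T08:00:00"),   # currently active node
    ("198.51.100.7", "2024-05-01T09:30:00"),   # currently active node
    ("203.0.113.99", "2024-04-10T11:00:00"),   # stale: device left the botnet weeks ago
]

# Constructed static blocklist: a snapshot of the feed taken three weeks earlier.
STATIC_BLOCKLIST = {"203.0.113.99"}

# Constructed authentication events; 192.0.2.0/24 stands in for the organisation's own egress.
LOGS = [
    "2024-05-01T10:00:00 src=203.0.113.10 user=alice result=success",
    "2024-05-01T10:01:00 src=198.51.100.7 user=bob result=success",
    "2024-05-01T10:02:00 src=203.0.113.99 user=carol result=success",
    "2024-05-01T10:03:00 src=192.0.2.5 user=dave result=success",
]
ALLOWLIST = [ipaddress.ip_network("192.0.2.0/24")]

def active_nodes(feed, now, max_age=timedelta(days=7)):
    """Return IPs seen relaying within max_age; proxy nodes churn, so older entries expire."""
    cutoff = now - max_age
    return {ip for ip, seen in feed if datetime.fromisoformat(seen) >= cutoff}

def parse_event(line):
    """Split 'ts k=v k=v ...' into a dict keyed by field name."""
    ts, *pairs = line.split()
    event = dict(p.split("=", 1) for p in pairs)
    event["ts"] = ts
    return event

def classify(event, blocklist, allowlist):
    """Allowlisted ranges win; otherwise flag logins arriving from a known proxy node."""
    ip = ipaddress.ip_address(event["src"])
    if any(ip in net for net in allowlist):
        return "allowlisted"
    return "proxy-node" if event["src"] in blocklist else "unmatched"

def triage(lines, blocklist, allowlist=ALLOWLIST):
    """Map each user to the classification of the source their login came from."""
    return {e["user"]: classify(e, blocklist, allowlist) for e in map(parse_event, lines)}

if __name__ == "__main__":
    print("static :", triage(LOGS, STATIC_BLOCKLIST))
    print("dynamic:", triage(LOGS, active_nodes(FEED, NOW)))
```

The static snapshot flags only the node that has since dropped out of the botnet and misses both currently active relays, while the windowed feed does the reverse; the allowlisted corporate range is never treated as a proxy in either case.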

Defensive Measures

The NCSC-UK's Director of Operations, Paul Chichester, stated that botnet operations pose a significant threat by exploiting vulnerabilities in everyday internet-connected devices. Organizations of all sizes are urged to enhance their security postures to mitigate potential risks associated with these evolving tactics.

In summary, the rise of sophisticated proxy networks used by Chinese hackers underscores the need for heightened vigilance and proactive measures in cybersecurity.

🔒 Pro Insight

The shift to botnet-based operations signifies a strategic evolution in Chinese cyber tactics, necessitating an urgent reevaluation of defensive measures.
