The Communications Security Establishment Canada (CSE) joins the following international partners to release a joint cybersecurity advisory to warn that People’s Republic of China (PRC) linked cyber actors have compromised Internet-connected devices:
- Canadian Security Intelligence Service (CSIS)
- U.S. Federal Bureau of Investigation (FBI), Cyber Command Cyber National Mission Force (CNMF), National Security Agency (NSA)
- Australian Signals Directorate's Australian Cyber Security Centre (ASD's ACSC)
- United Kingdom National Cyber Security Centre (NCSC-UK)
- New Zealand National Cyber Security Centre (NCSC-NZ)
The compromised Internet-connected devices include:
- small office/home office (SOHO) routers
- firewalls
- network-attached storage (NAS)
- Internet of Things (IoT) devices
The actors' goal is to create a network of compromised nodes called a “botnet”, ready for malicious activity. Like similar botnets, this botnet infrastructure is made up of a network of devices, which are infected with a type of malware that provides the threat actors with unauthorized remote access.
The actors' may then use the botnet as a proxy to hide their identities while deploying distributed denial of service (DDoS) attacks or compromising targeted U.S. networks.
Integrity Technology Group is a PRC-based company and has controlled and managed a botnet active since 2021. The botnet maintains between tens to hundreds of thousands of compromised devices.
Cyber security companies can use the information in this advisory to assist with identifying malicious activity and reduce the number of devices present in botnets worldwide.
CSE and our partners are releasing this joint advisory to highlight the threat posed by actors and their botnet activity. We encourage exposed device vendors, owners and operators to update and secure their devices from being compromised and added/join to the botnet.
Read the full joint cyber security advisory People’s Republic of China-linked actors compromise routers and IoT devices for botnet operations.