China-linked cyber threat actors have adopted a new strategy that involves using compromised routers and edge devices to create large-scale covert networks and botnets. This development marks a shift from their previous reliance on individually procured infrastructure, according to a warning issued by the National Cyber Security Centre (NCSC). The NCSC, in collaboration with the Cyber League and other partner agencies, has released an advisory to help organizations counter this emerging threat.
The advisory highlights the increased risk posed by these compromised devices, which are often used in VPN and remote access connections. Such devices, when compromised, can serve as entry points for cyber espionage activities, allowing threat actors to infiltrate organizational networks undetected. The NCSC's guidance is aimed at organizations of all sizes, emphasizing the need for vigilance and proactive measures to secure network infrastructure.
Technical details of the advisory suggest that organizations should focus on mapping and baselining traffic from edge devices. This involves monitoring network traffic patterns to identify anomalies that may indicate a compromised device. By establishing a baseline of normal traffic, organizations can more effectively detect and respond to suspicious activities that deviate from the norm.
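One way to apply the baselining approach described above, as an added example (not code from the NCSC advisory or the source article): it builds a per-device baseline of known peers and hourly outbound volume, then flags new peers and volume spikes. The flow-record layout, device names, addresses and the `k` and `min_std` thresholds are assumptions, and all records are constructed.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records: (hour, device, dst_ip, dst_port, bytes_out).
BASELINE_FLOWS = [
    (0, "vpn-gw-1", "198.51.100.10", 443, 1200),
    (1, "vpn-gw-1", "198.51.100.10", 443, 1100),
    (2, "vpn-gw-1", "198.51.100.10", 443, 1300),
    (0, "edge-rtr-2", "198.51.100.20", 53, 300),
    (1, "edge-rtr-2", "198.51.100.20", 53, 320),
    (2, "edge-rtr-2", "198.51.100.20", 53, 310),
]
OBSERVED_FLOWS = [
    (10, "vpn-gw-1", "198.51.100.10", 443, 1250),   # known peer, normal volume
    (10, "edge-rtr-2", "203.0.113.77", 8443, 400),  # peer never seen in baseline
    (11, "edge-rtr-2", "198.51.100.20", 53, 9000),  # known peer, abnormal volume
]

def hourly_bytes(flows):
    """Sum outbound bytes per (device, hour)."""
    totals = defaultdict(int)
    for hour, dev, _dst, _port, nbytes in flows:
        totals[(dev, hour)] += nbytes
    return totals

def build_baseline(flows):
    """Per device: set of (dst, port) peers plus mean/std of hourly volume."""
    peers, volumes = defaultdict(set), defaultdict(list)
    for _hour, dev, dst, port, _n in flows:
        peers[dev].add((dst, port))
    for (dev, _hour), total in hourly_bytes(flows).items():
        volumes[dev].append(total)
    return {d: {"peers": peers[d], "mean": mean(volumes[d]),
                "std": pstdev(volumes[d])} for d in peers}

def find_anomalies(baseline, flows, k=3.0, min_std=50.0):
    """Flag unbaselined devices, new peers, and hourly volume above mean + k*std."""
    alerts = []
    for _hour, dev, dst, port, _n in flows:
        if dev not in baseline:
            alerts.append((dev, "unbaselined-device", f"{dst}:{port}"))
        elif (dst, port) not in baseline[dev]["peers"]:
            alerts.append((dev, "new-peer", f"{dst}:{port}"))
    for (dev, hour), total in hourly_bytes(flows).items():
        b = baseline.get(dev)
        # min_std floors the spread so a very steady device does not alert on noise.
        if b and total > b["mean"] + k * max(b["std"], min_std):
            alerts.append((dev, "volume-spike", f"hour={hour} bytes={total}"))
    return alerts
```

Calling `find_anomalies(build_baseline(BASELINE_FLOWS), OBSERVED_FLOWS)` returns two alerts, both for `edge-rtr-2`: the new peer and the volume spike.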
The impact of this threat is significant, as it can lead to unauthorized access to sensitive information and potential disruption of services. Organizations that rely heavily on remote access and VPN connections are particularly vulnerable, making it essential to implement robust security measures.
To mitigate the risk, the NCSC recommends that organizations conduct regular security assessments of their network infrastructure, update device firmware, and implement strong authentication mechanisms. Additionally, organizations should educate their staff on recognizing potential security threats and ensure that their incident response plans are up-to-date and effective.
Source: https://www.helpnetsecurity.com/2026/04/24/ncsc-china-covert-networks-advisory/


