UK and allied agencies warn that China-linked hackers are using compromised everyday devices to route cyberattacks

Thursday, April 23, 2026Technology & SocietyWell-covered3 frames

The UK National Cyber Security Centre and partner agencies in multiple allied countries issued a joint advisory about China-linked cyber actors' use of compromised-device networks.
The advisory says China-linked hackers are using large networks of compromised routers, IoT products and other edge devices to route or proxy their cyber operations.
The agencies describe a shift away from individually procured or dedicated attacker infrastructure toward externally provisioned, large-scale networks of compromised devices.
According to the warning, these compromised-device networks are used to support activities including reconnaissance, malware delivery or communications, surveillance, and data theft or exfiltration.
The advisory says the technique helps obscure the origin of attacks and makes malicious activity harder for defenders to detect, attribute, and disrupt.
Multiple reports say the warning applies broadly to organizations that may be targeted by China-linked cyber actors, including businesses and critical sectors in Western countries.
The agencies say vulnerable or poorly maintained devices, such as older equipment or devices missing software updates, can be incorporated into these networks.
The advisory includes defensive guidance urging organizations to strengthen visibility into edge-device traffic and improve basic security measures such as patching and monitoring.

The UK National Cyber Security Centre and partner agencies in multiple allied countries issued a joint advisory about China-linked cyber actors' use of compromised-device networks.
The advisory says China-linked hackers are using large networks of compromised routers, IoT products and other edge devices to route or proxy their cyber operations.
The agencies describe a shift away from individually procured or dedicated attacker infrastructure toward externally provisioned, large-scale networks of compromised devices.
According to the warning, these compromised-device networks are used to support activities including reconnaissance, malware delivery or communications, surveillance, and data theft or exfiltration.
The advisory says the technique helps obscure the origin of attacks and makes malicious activity harder for defenders to detect, attribute, and disrupt.
Multiple reports say the warning applies broadly to organizations that may be targeted by China-linked cyber actors, including businesses and critical sectors in Western countries.
The agencies say vulnerable or poorly maintained devices, such as older equipment or devices missing software updates, can be incorporated into these networks.
The advisory includes defensive guidance urging organizations to strengthen visibility into edge-device traffic and improve basic security measures such as patching and monitoring.