NSA Issues Advisory: China State Sponsored Cyber Actors Hacking Routers & IoT Devices
The United States National Security Agency (NSA) joins the Federal Bureau of Investigation (FBI), the United States Cyber Command’s Cyber National Mission Force (CNMF), and international allies in releasing new information about People’s Republic of China (PRC)-linked cyber actors who have compromised internet-connected devices worldwide to create a botnet and conduct malicious activity.
The advisory highlights the threat posed by these actors and their botnet, a network of compromised nodes positioned for malicious activity.
“The botnet incorporates thousands of U.S. devices with victims in a range of sectors,” said Dave Luber, NSA Cybersecurity Director. “The advisory provides new and timely insight into the botnet infrastructure, the countries where compromised devices are located, and mitigations for securing devices and eliminating this threat.”
Device vendors, owners, and operators are encouraged to update and secure their devices – particularly older devices – from being compromised and joining the botnet.
Cybersecurity companies are also urged to use the CSA to help identify malicious activity.
Compromised internet-connected devices include small office/home office (SOHO) routers, firewalls, network-attached storage (NAS), and Internet of Things (IoT) devices, such as webcams, DVRs, and IP cameras. The actors create a botnet from these devices, which can be used to conceal their online activity, launch distributed denial of service (DDoS) attacks, or compromise U.S. networks.
As of June 2024, the botnet consisted of over 260,000 devices in North America, Europe, Africa, and Southeast Asia, according to the CSA.
NSA is releasing this joint advisory to help National Security Systems, Department of Defense, and Defense Industrial Base networks mitigate these cyber threats.
The authors of the CSA recommend the following mitigations:
The "Untied" States? Good article, proofreading?
This is a crucial reminder of the evolving cybersecurity landscape. The increasing use of compromised IoT devices and routers to build botnets highlights the need for businesses and individuals to prioritize patching, strong passwords, and regular device updates.
-- Computer Security Graduate from Cardiff Metropolitan
5 months ago
I find it fascinating how a botnet of over 260,000 compromised devices ranging from routers to IoT devices can be used for malicious activities like hiding online operations and launching DDoS attacks. The sheer scale of this operation highlights the critical importance of securing internet-connected devices.
CISSP | CC | Director of Project Delivery @ Infocion | Ex Headed IT @ Colorplast | ex IT Manager @ Timex Group India Ltd | Information Security | Project Management | IT governance and compliance | ERP Implementation.
5 months ago
This advisory comes at a crucial time, especially following reports of recent cyberattacks on Hezbollah's communication systems, including pagers, walkie-talkies, and solar infrastructure. It’s a reminder of how vulnerable connected devices can be to sophisticated attacks. Keeping devices updated, using strong passwords, and disabling unused services are essential steps to prevent them from being compromised. The large-scale botnet threat mentioned here shows the global nature of these risks. Thanks to the NSA and its partners for sharing timely and actionable insights to help secure our devices and networks.
We talked about this at breakfast today, Enrique / Manuel