Cybersecurity and Infrastructure Security Agency Acting Director Nick Andersen comments on CISA and the U.K. National Cyber Security Centre's advisory warning about covert networks of compromised devices linked to China.
CISA, UK NCSC Warn of China-Linked Covert Cyber Networks in New Advisory

The Cybersecurity and Infrastructure Security Agency and the U.K.’s National Cyber Security Centre have issued a joint advisory warning of covert networks of compromised devices linked to Chinese state-sponsored cyber actors.

What Does the CISA and NCSC Advisory Address?

The guidance, titled “Defending Against China-Nexus Covert Networks of Compromised Devices,” aims to help organizations defend against threat actors like Volt Typhoon and Flax Typhoon that exploit vulnerable devices to build hidden networks used in malicious cyber activity. The advisory details how botnets consisting of compromised network infrastructure, including routers, firewalls and network-attached storage, along with internet of things devices such as web cameras, video recorders and other smart equipment, are used to conceal the actors’ identities and conduct espionage, intrusions and data theft.

“This advisory informs organizations of how these actors are strategically using numerous, evolving covert networks at scale for malicious cyber activity,” said CISA Acting Director Nick Andersen.

What Does the Guidance Recommend?

CISA and its partners recommend that organizations identify and understand network edge devices and the assets connected to them, while establishing a baseline of normal network activity, particularly for VPNs and similar remote access services. The advisory also calls for maintaining log collection and storage capabilities to support detection and response efforts, along with implementing multifactor authentication to better secure remote connections.

“CISA strongly encourages organizations to review and implement appropriate mitigation measures to defend their devices from this threat. Every day, CISA works to empower organizations with actionable information to strengthen their security and resilience against cyber threats,” Andersen said.