Advancing UK Aerospace, Defence, Security & Space Solutions Worldwide
  • Home
  • /
  • Security
  • /
  • NCSC and partners issue advice to counter campaign targeting devices

Security

NCSC and partners issue advice to counter campaign targeting devices

The National Cyber Security Centre (NCSC) – a part of GCHQ – has issued a new advisory alongside partners in the US, Australia, Canada and New Zealand, which reveals how a company based in China with links to China’s government, has managed a botnet consisting of over 260,000 compromised devices around the world.

Above: The National Cyber Security Centre (NCSC), Nova South, London.
Image by Simona Flamigni / copyright Shutterstock

The UK and international allies are urging individuals and organisations to take protective action after exposing a global network of compromised internet-connected devices operated by a China-linked company and used for malicious purposes.

Advertisement
Amentum rectangle

A botnet is a network of internet-connected devices that are infected with malware and controlled by a group to conduct co-ordinated cyber attacks without the owners’ knowledge.

The compromised devices include routers, firewalls, and Internet of Things (IoT) devices – including webcams and CCTV cameras – which can then be used by the actors for a variety of malicious purposes, such as anonymous malware delivery and distributed denial of service (DDoS) attacks.

The advisory names Integrity Technology Group as responsible for controlling and managing the botnet, which has been active since mid-2021, and has been utilised by the malicious cyber actor commonly known as Flax Typhoon.

The advisory shares technical details and mitigation advice to help defend against malicious activity delivered through this botnet. It also highlights the risk to owners of how unpatched and end-of-life equipment can be exploited by malicious cyber actors.

Paul Chichester, NCSC Director of Operations, said: “Botnet operations represent a significant threat to the UK by exploiting vulnerabilities in everyday internet-connected devices with the potential to carry out large-scale cyber attacks.

“Whilst the majority of botnets are used to conduct coordinated DDoS attacks, we know that some also have the ability to steal sensitive information.

Advertisement
Leonardo

“That’s why the NCSC, along with our partners in Five Eyes countries, is strongly encouraging organisations and individuals to act on the guidance set out in this advisory – which includes applying updates to internet-connected devices – to help prevent their devices from joining a botnet.”

As with similar botnets, the botnet described in this advisory is composed of a network of devices, known as bots, which are infected with a type of malware that provides threat actors with unauthorised remote access.

To recruit a new ‘bot’, the botnet system first compromised an internet-connected device using a known vulnerability exploit which then provides access to establish a remote command and control execution.

This advisory has been co-sealed by the NCSC and agencies in the United States, Australia, Canada and New Zealand.

Read the advisory in full

Advertisement
General Atomics LB
Goldilock partners with Kite for UK distribution

Defence Security

Goldilock partners with Kite for UK distribution

15 September 2025

The NATO-backed cybersecurity specialist behind physical connection controller FireBreak, Goldilock, has today announced Kite Distribution as its primary UK distributor, to help it meet growing demand for more robust and practical ways to protect critical networks in the face of persistent cyber threats.

ADS reveals 2024 value of aerospace, defence, security and space to Scotland

Aerospace Defence Security Space

ADS reveals 2024 value of aerospace, defence, security and space to Scotland

11 September 2025

The aerospace, defence, security and space sectors added £3.7 billion to Scotland’s economy in 2024, according to new data from ADS, equating to a 55% increase between 2020 and 2024.

Prison laptop project delivers beneficial returns

Security

Prison laptop project delivers beneficial returns

10 September 2025

A service allowing prisoners to use laptops in their cells is worth £35 million a year to taxpayers, as it cuts violence and helps inmates to find work upon release, a new study shows.

Defence and security sectors

Defence Security

Defence and security sectors' value to UK doubles over a decade

9 September 2025

ADS data reveals that the defence, security and resilience sectors added £26.7 billion to the UK economy last year, an increase of 93% on the same period a decade ago.

Advertisement
Amentum rectangle
Whitetree launches CIaaS at DSEI

Aerospace Defence Security Events

Whitetree launches CIaaS at DSEI

8 September 2025

Whitetree will unveil Competitive Intelligence as a Service (CIaaS) at this year’s DSEI – a new offering designed to help defence, aerospace and critical national infrastructure suppliers gain the edge in high-stakes bids.

ADS to host over 180 companies at DSEI 2025

Defence Security Events

ADS to host over 180 companies at DSEI 2025

8 September 2025

For Defence and Security Equipment International (DSEI), ADS - the trade association for the UK’s aerospace, defence, security and space industries - is hosting 180 organisations at the ADS Pavilion.

Advertisement
Siemens rectangle