Advancing UK Aerospace, Defence, Security & Space Solutions Worldwide
  • Home
  • /
  • Security
  • /
  • NCSC and partners issue advice to counter campaign targeting devices

Security

NCSC and partners issue advice to counter campaign targeting devices

The National Cyber Security Centre (NCSC) – a part of GCHQ – has issued a new advisory alongside partners in the US, Australia, Canada and New Zealand, which reveals how a company based in China with links to China’s government, has managed a botnet consisting of over 260,000 compromised devices around the world.

Above: The National Cyber Security Centre (NCSC), Nova South, London.
Image by Simona Flamigni / copyright Shutterstock

The UK and international allies are urging individuals and organisations to take protective action after exposing a global network of compromised internet-connected devices operated by a China-linked company and used for malicious purposes.

Advertisement
ODU RT

A botnet is a network of internet-connected devices that are infected with malware and controlled by a group to conduct co-ordinated cyber attacks without the owners’ knowledge.

The compromised devices include routers, firewalls, and Internet of Things (IoT) devices – including webcams and CCTV cameras – which can then be used by the actors for a variety of malicious purposes, such as anonymous malware delivery and distributed denial of service (DDoS) attacks.

The advisory names Integrity Technology Group as responsible for controlling and managing the botnet, which has been active since mid-2021, and has been utilised by the malicious cyber actor commonly known as Flax Typhoon.

The advisory shares technical details and mitigation advice to help defend against malicious activity delivered through this botnet. It also highlights the risk to owners of how unpatched and end-of-life equipment can be exploited by malicious cyber actors.

Paul Chichester, NCSC Director of Operations, said: “Botnet operations represent a significant threat to the UK by exploiting vulnerabilities in everyday internet-connected devices with the potential to carry out large-scale cyber attacks.

“Whilst the majority of botnets are used to conduct coordinated DDoS attacks, we know that some also have the ability to steal sensitive information.

Advertisement
ODU RT

“That’s why the NCSC, along with our partners in Five Eyes countries, is strongly encouraging organisations and individuals to act on the guidance set out in this advisory – which includes applying updates to internet-connected devices – to help prevent their devices from joining a botnet.”

As with similar botnets, the botnet described in this advisory is composed of a network of devices, known as bots, which are infected with a type of malware that provides threat actors with unauthorised remote access.

To recruit a new ‘bot’, the botnet system first compromised an internet-connected device using a known vulnerability exploit which then provides access to establish a remote command and control execution.

This advisory has been co-sealed by the NCSC and agencies in the United States, Australia, Canada and New Zealand.

Read the advisory in full

Advertisement
Babcock LB
QinetiQ and Metasonixx collaborate on vehicle cooling and noise reduction

Defence Security

QinetiQ and Metasonixx collaborate on vehicle cooling and noise reduction

3 October 2024

As part of their strategic relationship, Metasonixx and QinetiQ have applied their expertise in novel technologies to successfully manage noise and ventilation in vehicles.

ALL.SPACE secures $44m funding to boost defence and space capabilities

Aerospace Defence Security Space

ALL.SPACE secures $44m funding to boost defence and space capabilities

3 October 2024

Provider of advanced communications technology, ALL.SPACE, has announced $44 million in funding to fuel the commercial launch of its first-generation terminal.

Darktrace formally completes its acquisition by Thoma Bravo

Security

Darktrace formally completes its acquisition by Thoma Bravo

3 October 2024

Cambridge based Darktrace has announced the completion of its acquisition by Thoma Bravo, a software investment firm, for $5.3 billion.

SIA confirms refresher training required for some licence renewals

Security

SIA confirms refresher training required for some licence renewals

3 October 2024

From Tuesday 1st April 2025, door supervisors and security guards must undertake refresher training to renew their licence.

Advertisement
ODU RT 2
Ten Welsh organisations strike Gold

Defence Security Events

Ten Welsh organisations strike Gold

2 October 2024

Ten employers have been presented with the prestigious Employer Recognition Scheme (ERS) Gold Award at a special ceremony in Cardiff.

Meet the Buyer launches at Advanced Engineering 2024

Aerospace Defence Security Events

Meet the Buyer launches at Advanced Engineering 2024

1 October 2024

ADS is returning once again to the Advanced Engineering show at the NEC Birmingham on 30th - 31st October, delivering a two-day Meet the Buyer event.

Advertisement
ODU RT 2