Advancing UK Aerospace, Defence, Security & Space Solutions Worldwide
  • Home
  • /
  • Security
  • /
  • NCSC and partners issue advice to counter campaign targeting devices

Security

NCSC and partners issue advice to counter campaign targeting devices

The National Cyber Security Centre (NCSC) – a part of GCHQ – has issued a new advisory alongside partners in the US, Australia, Canada and New Zealand, which reveals how a company based in China with links to China’s government, has managed a botnet consisting of over 260,000 compromised devices around the world.

Above: The National Cyber Security Centre (NCSC), Nova South, London.
Image by Simona Flamigni / copyright Shutterstock

The UK and international allies are urging individuals and organisations to take protective action after exposing a global network of compromised internet-connected devices operated by a China-linked company and used for malicious purposes.

Advertisement
Cranfield

A botnet is a network of internet-connected devices that are infected with malware and controlled by a group to conduct co-ordinated cyber attacks without the owners’ knowledge.

The compromised devices include routers, firewalls, and Internet of Things (IoT) devices – including webcams and CCTV cameras – which can then be used by the actors for a variety of malicious purposes, such as anonymous malware delivery and distributed denial of service (DDoS) attacks.

The advisory names Integrity Technology Group as responsible for controlling and managing the botnet, which has been active since mid-2021, and has been utilised by the malicious cyber actor commonly known as Flax Typhoon.

The advisory shares technical details and mitigation advice to help defend against malicious activity delivered through this botnet. It also highlights the risk to owners of how unpatched and end-of-life equipment can be exploited by malicious cyber actors.

Paul Chichester, NCSC Director of Operations, said: “Botnet operations represent a significant threat to the UK by exploiting vulnerabilities in everyday internet-connected devices with the potential to carry out large-scale cyber attacks.

“Whilst the majority of botnets are used to conduct coordinated DDoS attacks, we know that some also have the ability to steal sensitive information.

Advertisement
ODU RT

“That’s why the NCSC, along with our partners in Five Eyes countries, is strongly encouraging organisations and individuals to act on the guidance set out in this advisory – which includes applying updates to internet-connected devices – to help prevent their devices from joining a botnet.”

As with similar botnets, the botnet described in this advisory is composed of a network of devices, known as bots, which are infected with a type of malware that provides threat actors with unauthorised remote access.

To recruit a new ‘bot’, the botnet system first compromised an internet-connected device using a known vulnerability exploit which then provides access to establish a remote command and control execution.

This advisory has been co-sealed by the NCSC and agencies in the United States, Australia, Canada and New Zealand.

Read the advisory in full

Advertisement
Aviation Africa LB Aviation Africa LB
Home Office and IBM to partner on Emergency Services Network

Security

Home Office and IBM to partner on Emergency Services Network

16 January 2025

The UK's frontline emergency services are to benefit from a new communications network that will modernise how they work together.

DEA Aviation secures export finance package

Aerospace Security

DEA Aviation secures export finance package

16 January 2025

Nottinghamshire based aerial data-acquisition company, DEA Aviation Limited, has secured Santander UK funding supported by UK Export Finance (UKEF).

HRH The Princess Royal opens Capita’s FSC Immersive Skills Lab

Security Events

HRH The Princess Royal opens Capita’s FSC Immersive Skills Lab

16 January 2025

HRH Princess Anne has opened a new Immersive Skills Lab, a purpose-built, fully flexible learning space at Capita’s Fire Service College (FSC), created to support practical and collaborative firefighter training and skills development.

Serco selects new legal panel

Defence Security Space

Serco selects new legal panel

16 January 2025

Serco has selected a new panel of four law companies to provide legal services to its UK & European business for the next three years.

Advertisement
ODU RT
ODU Connectors back at Southern Manufacturing & Electronics

Aerospace Defence Security Space Events

ODU Connectors back at Southern Manufacturing & Electronics

16 January 2025

ODU-UK Ltd will once again be showcasing their connector solutions at Southern Manufacturing & Electronics, taking place at the Farnborough International Exhibition Centre from 4th to 6th February.

Getac launches ZX10 fully rugged Android tablet

Security

Getac launches ZX10 fully rugged Android tablet

15 January 2025

Getac has launched its next generation ZX10 10-inch fully rugged Android tablet, which combines lightweight design with powerful AI-ready performance and intuitive Android functionality for use in the field.

Advertisement
Cranfield