Advancing UK Aerospace, Defence, Security & Space Solutions Worldwide
  • Home
  • /
  • Security
  • /
  • NCSC and partners issue advice to counter campaign targeting devices

Security

NCSC and partners issue advice to counter campaign targeting devices

The National Cyber Security Centre (NCSC) – a part of GCHQ – has issued a new advisory alongside partners in the US, Australia, Canada and New Zealand, which reveals how a company based in China with links to China’s government, has managed a botnet consisting of over 260,000 compromised devices around the world.

Above: The National Cyber Security Centre (NCSC), Nova South, London.
Image by Simona Flamigni / copyright Shutterstock

The UK and international allies are urging individuals and organisations to take protective action after exposing a global network of compromised internet-connected devices operated by a China-linked company and used for malicious purposes.

Advertisement
Leonardo

A botnet is a network of internet-connected devices that are infected with malware and controlled by a group to conduct co-ordinated cyber attacks without the owners’ knowledge.

The compromised devices include routers, firewalls, and Internet of Things (IoT) devices – including webcams and CCTV cameras – which can then be used by the actors for a variety of malicious purposes, such as anonymous malware delivery and distributed denial of service (DDoS) attacks.

The advisory names Integrity Technology Group as responsible for controlling and managing the botnet, which has been active since mid-2021, and has been utilised by the malicious cyber actor commonly known as Flax Typhoon.

The advisory shares technical details and mitigation advice to help defend against malicious activity delivered through this botnet. It also highlights the risk to owners of how unpatched and end-of-life equipment can be exploited by malicious cyber actors.

Paul Chichester, NCSC Director of Operations, said: “Botnet operations represent a significant threat to the UK by exploiting vulnerabilities in everyday internet-connected devices with the potential to carry out large-scale cyber attacks.

“Whilst the majority of botnets are used to conduct coordinated DDoS attacks, we know that some also have the ability to steal sensitive information.

Advertisement
ODU RT

“That’s why the NCSC, along with our partners in Five Eyes countries, is strongly encouraging organisations and individuals to act on the guidance set out in this advisory – which includes applying updates to internet-connected devices – to help prevent their devices from joining a botnet.”

As with similar botnets, the botnet described in this advisory is composed of a network of devices, known as bots, which are infected with a type of malware that provides threat actors with unauthorised remote access.

To recruit a new ‘bot’, the botnet system first compromised an internet-connected device using a known vulnerability exploit which then provides access to establish a remote command and control execution.

This advisory has been co-sealed by the NCSC and agencies in the United States, Australia, Canada and New Zealand.

Read the advisory in full

Advertisement
Siemens leaderboard
GPS tags reduce reoffending

Security

GPS tags reduce reoffending

29 August 2025

Reoffending by burglars, robbers and thieves has been cut by 20% thanks to the tracking of their movements with tags, a new report published earlier this week has found.

Galvion hits 1.25m helmets milestone

Defence Security Events

Galvion hits 1.25m helmets milestone

28 August 2025

Galvion has reached a significant head system sales milestone with over 1.25 million helmets ordered by NATO and allied customers.

New SIA Chair to be appointed in 2026

Security

New SIA Chair to be appointed in 2026

27 August 2025

Heather Baily, the Chair of the Security Industry Authority (SIA) has today announced that she will be stepping down from the role on 28th February 2026.

PAL Aerospace to acquire Airtask Group

Aerospace Security

PAL Aerospace to acquire Airtask Group

26 August 2025

PAL Aerospace has completed its acquisition of Milton Keynes-headquartered Airtask Group, subject to certain regulatory matters.

Advertisement
DSEI 2025
MoD Police receive two new intercept and escort boats

Defence Security

MoD Police receive two new intercept and escort boats

26 August 2025

Defence, Equipment & Support (DE&S) has delivered the first two of 24 new Intercept and Escort Craft to Ministry of Defence (MoD) Police under the fleet modernisation programme across three naval bases.

British Army EOD troop move into new base

Defence Security

British Army EOD troop move into new base

21 August 2025

A specialist British Army Explosive Ordnance Disposal (EOD) troop has moved into its new home at Gamecock Barracks, Nuneaton, Warwickshire.

Advertisement
DSEI 2025