Cyber security agencies call out PRC-linked ‘botnet’ and provide mitigation advice


12:00am, 19 September 2024

TLP Rating: Clear


The GCSB’s National Cyber Security Centre (NCSC) has joined international partners to highlight and help mitigate the threat posed by a network of compromised nodes (a 'botnet') created by People’s Republic of China (PRC)-linked cyber actors to enable malicious cyber activity. 

Acting Deputy Director-General Cyber Security, Michael Jagusch, said the NCSC and partners have published a joint cyber security advisory to call out this activity and provide advice that will help cyber defenders identify and mitigate the risks associated with the botnet’s operation. 

Joint cyber security advisory: People’s Republic of China-linked actors compromise routers and IoT devices for botnet operations | U.S. Department of Defense

International partners include The Federal Bureau of Investigation (FBI), the United States Cyber National Mission Force (CNMF), the National Security Agency (NSA), the Australian Cyber Security Centre (ACSC), the Canadian Centre for Cyber Security (CCCS), and the United Kingdom’s National Cyber Security Centre (NCSC-UK).

What's happening

Systems affected

Mr Jagusch said the joint cyber security advisory outlines how PRC-linked cyber actors have compromised internet-connected devices — including small office/home office (SOHO) routers, firewalls, network-attached storage (NAS), and internet of things (IoT) devices — to create a network of compromised nodes (a ‘botnet’) positioned for malicious activity. 

The advisory identifies Integrity Technology Group, a PRC-based company, as the organisation controlling and managing the botnet, which has been active since mid-2021.

What this means

“The botnet has regularly maintained between tens and hundreds of thousands of compromised devices. As of June 2024, the botnet consisted of over 260,000 devices.

“Compromised devices that were part of the botnet have been observed in North America, Europe, Africa, Southeast Asia, and Oceania, including New Zealand.” 

What to look for

How to tell if you're at risk

“The NCSC and partners are releasing this advisory to highlight the threat posed by these actors and their botnet activity and to encourage exposed device vendors, owners, and operators to update and secure their devices from being compromised and joining the botnet. 

What to do

Prevention

“Cybersecurity companies can also leverage the information in this advisory to assist with identifying malicious activity and to reduce the number of devices present in botnets worldwide,” Mr Jagusch said. 

“Our NCSC works extensively with New Zealand organisations, the cyber security industry and international partners to identify and mitigate cyber threats facing New Zealand organisations and individuals. 

“It deploys a range of cyber security capabilities including Malware Free Networks and the Phishing Disruption Service to share cyber threat intelligence to help protect New Zealanders from a range of threats,” he said. 

More information

Media contact: media@ncsc.govt.nz