Cyber security agencies call out PRC-linked ‘botnet’ and provide mitigation advice

The GCSB’s National Cyber Security Centre (NCSC) has joined international partners to highlight and mitigate the threat posed by a network of compromised nodes (a “botnet”) created by People’s Republic of China (PRC)-linked cyber actors to enable malicious cyber activity.

The acting Deputy Director-General Cyber Security, Michael Jagusch, said the NCSC and partners have published a joint cyber security advisory to call out this activity and to provide advice that will enable cyber defenders to identify and mitigate the risks associated with the operation of the botnet.

International partners include the Federal Bureau of Investigation (FBI), the United States Cyber National Mission Force (CNMF), the National Security Agency (NSA), the Australian Cyber Security Centre (ACSC), the Canadian Centre for Cyber Security (CCCS), and the United Kingdom’s National Cyber Security Centre (NCSC-UK).

Mr Jagusch said the joint cyber security advisory states that PRC-linked cyber actors have compromised internet-connected devices including small office/home office (SOHO) routers, firewalls, network-attached storage (NAS) and internet of things (IoT) devices with the goal of creating a network of compromised nodes (a ‘botnet’) positioned for malicious activity.

The advisory identifies Integrity Technology Group, a PRC-based company, as the organisation controlling and managing the botnet, which has been active since mid-2021.

“The botnet has regularly maintained between tens and hundreds of thousands of compromised devices. As of June 2024, the botnet consisted of over 260,000 devices.

“Compromised devices that were part of the botnet have been observed in North America, Europe, Africa, Southeast Asia, and Oceania, including New Zealand.

“The NCSC and partners are releasing this advisory to highlight the threat posed by these actors and their botnet activity and to encourage exposed device vendors, owners, and operators to update and secure their devices from being compromised and joining the botnet.

“Cybersecurity companies can also leverage the information in this advisory to assist with identifying malicious activity and to reduce the number of devices present in botnets worldwide,” Mr Jagusch said.

“Our NCSC works extensively with New Zealand organisations, the cyber security industry and international partners to identify and mitigate cyber threats facing New Zealand organisations and individuals.

“It deploys a range of cyber security capabilities including Malware Free Networks and the Phishing Disruption Service to share cyber threat intelligence to help protect New Zealanders from a range of threats,” he said.

Ends

Media contact: media@ncsc.govt.nz

Read the advisory in full.