Security authorities warn of Chinese co-users

Intelligence services warn of attackers from China using compromised infrastructure of unsuspecting individuals for operations.


“China-linked actors” are said to have massively changed their tactics and are now primarily using compromised end devices of unsuspecting small businesses and home users for obfuscation. This is pointed out in a coordinated warning by the Federal Intelligence Service (BND), the Federal Office for the Protection of the Constitution (Bundesamt für Verfassungsschutz, BfV), the Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik, BSI) and international partner authorities such as the FBI, NSA and other intelligence and cybersecurity agencies. The National Cyber Security Centre of the United Kingdom (NCSC) was again in charge, publishing an extensive report.

“Anyone targeted by China-linked cyber actors can be affected through origin-obscuring networks,” the NCSC statement says. Different networks of this kind have been observed in attacks by both the Volt Typhoon group and Flax Typhoon. Raptor Train was noticed in 2024 with a network of more than 200,000 compromised devices, ranging from routers to IoT devices such as networked cameras, video recorders, network storage devices, or firewalls.

According to the recommendations, what is apparently new is that the attackers do not always use the same methods to co-opt third-party infrastructure, but instead assemble new obfuscation networks for each campaign according to the specific need. The Federal Office for the Protection of the Constitution emphasizes that the security authorities also detect compromised end devices in Germany if they are used for attacks, but only then.

Particularly unsatisfactory for potentially affected parties: there is no single fix for the problems that arise from unwanted co-users in one's own network. The NCSC primarily recommends cybersecurity hygiene measures such as promptly updating devices, systematically checking network traffic for anomalies, and network segmentation that is as clear as possible.

(wpl)

This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.