The Federal Bureau of Investigation (FBI), Cyber National Mission Force (CNMF), and National Security Agency (NSA) issued a Joint Cyber Security Advisory about People’s Republic of China (PRC)-linked cyber actors who have compromised internet-connected devices worldwide to create a botnet and conduct malicious activity.
The advisory, titled “People’s Republic of China-Linked Actors Compromise Routers and IoT Devices for Botnet Operations,” stresses the hazards presented by these actors (Integrity Technology Group) and their botnet that has, “regularly maintained between tens to hundreds of thousands of compromised devices.”
From mid-2021 to June 2024, the botnet has consisted of over 260,000 devices. Victim devices have been reported in North America, South America, Europe, Africa, Southeast Asia and Australia.
According to a release from the NSA, recommended actions from the authors of the advisory are as follows:
- “Regularly apply patches and updates, using automatic updates from trusted providers when available.
- Disable unused services and ports, such as automatic configuration, remote access, or file sharing protocols, which threat actors may abuse to gain initial access or to spread malware to other networked devices.
- Replace default passwords with strong passwords.
- Implement network segmentation with the principle of least privilege to ensure IoT devices within a larger network pose known, limited, and tolerable risks.
- Monitor for high network traffic volumes to detect and mitigate DDoS incidents.
- Plan for device reboots to remove non-persistent malware.
- Replace end-of-life equipment with supported devices.”