A group of agencies, including the German domestic intelligence service, the UK's National Cyber Security Centre, the Australian Signals Directorate and numerous others, warned in a security advisory about "China-nexus cyber actors and their tactic of using large scale networks of compromised devices (covert networks) to route their cyber activity."
The new guidance - jointly issued with agencies including the US Federal Bureau of Investigation - warns the attacks can be hard to detect because evidence can disappear quickly, complicating efforts to disrupt such activity.
A custom-built infrastructure consisting mostly of compromised end devices and large-scale obfuscation networks has been used in various Chinese cyberattacks, the report said.
"In recent years, we have seen a deliberate shift in cyber groups based in China utilising these networks to hide their malicious activity in an attempt to avoid accountability," UK NCSC director of operations Paul Chichester said in a statement.
This particularly affects IT infrastructure for homes or small offices, smart devices and devices connected to the so-called Internet of Things, including networked cars.
The network of compromised devices was apparently used to spy on targets in the political sphere. Sensitive company data is also said to be targeted.
The report warned that the state-sponsored actors could be using the data taken from the networked devices.
The Chinese foreign ministry did not immediately respond to a request for comment.
The report recommended various protective measures, including multi-factor authentication for remote connections.
A China-backed group, dubbed Volt Typhoon by western authorities, has been flagged by agencies as a user of covert networks and has quietly burrowed into key US infrastructure including rail, aviation and water systems.
with Reuters