
China-Linked Threat Actors Shift to Large-Scale Botnet Infrastructure Using Compromised Edge Devices
China-linked threat actors have transitioned from using individually procured infrastructure to large-scale covert networks, specifically botnets composed of compromised routers and other edge devices. The UK's National Cyber Security Centre (NCSC) issued an advisory in collaboration with the Cyber League and partner agencies to address this threat. The guidance emphasizes the need for organizations to map and baseline traffic from edge devices, particularly VPN and remote access connections. No specific dates, technical indicators, or CVE IDs were provided in the advisory. The shift in tactics highlights an increased reliance on exploiting everyday devices for cyber espionage operations.