Forum: Too Lazy BBS

CISA, NCSC-UK and Partners Release Cybersecurity Advisory on Chinese Government-Linked Covert Networks

From CISA@cisa@messages.cisa.gov to cisa@toolazy.synchro.net on Thu Apr 23 14:05:12 2026

--===============0155328280674040699==
Content-Type: multipart/alternative; boundary="===============0039577584964487346=="
MIME-Version: 1.0

--===============0039577584964487346==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable

Cybersecurity and Infrastructure Security Agency (CISA)

You are subscribed to Cybersecurity Advisories for Cybersecurity and Infras= tructure Security Agency. This information has recently been updated and is=
now available.

=E2=80=8B=E2=80=8BCISA, NCSC-UK and Partners Release Cybersecurity Advisory=
on Chinese Government-Linked Covert Networks [ https://www.cisa.gov/news-e= vents/cybersecurity-advisories/aa26-113a ] 04/23/2026 10:00 AM EDT=20

CISA and the United Kingdom=E2=80=99s National Cyber Security Centre, in co= llaboration with other federal and international partners, have released=C2= =A0a cybersecurity advisory,=C2=A0Defending Against China-nexus=C2=A0Covert= =C2=A0Networks of Compromised Devices [ https://www.cisa.gov/news-events/cy= bersecurity-advisories/aa26-113a ],=C2=A0providing=C2=A0network defenders w= ith=C2=A0vital tools and resources to combat the threat posed by Chinese go= vernment-linked threat actors=E2=80=99 use of covert networks of compromise=
d devices.

The advisory outlines tactics, techniques, and procedures associated with C= hinese government-linked covert networks built from compromised small-offic= e-home-office routers, Internet of Things, and smart devices. It explains h=
ow threat actors leveraging these covert networks, including those previous=
ly tied to groups such as Volt Typhoon and Flax Typhoon, use large scale bo= tnet infrastructure to obscure attribution and enable reconnaissance, intru= sion, command-and-control, and data exfiltration.=C2=A0

The advisory provides tailored defensive guidance for cyber defenders to id= entify, baseline, and mitigate activity originating from dynamic, deniable = covert networks to reduce the risk of organizational compromise.=C2=A0

CISA and partners recommend the following steps to protect against this thr= eat:=C2=A0

* Map and understand network edge devices, developing a clear understandi=
ng of organizational assets and what should be connected to them.=C2=A0=20
* Baseline normal connections, especially to corporate VPNs or other simi= lar devices.=20
* Maintain log collection and storage solutions to assist with detecting = and responding to unauthorized access attempts.=C2=A0=20
* Implement multifactor authentication for remote connections.=C2=A0=20

For more information on Chinese government-linked threat actor activity, pl= ease visit CISA's China Threat Overview and Advisories [ https://www.cisa.g= ov/topics/cyber-threats-and-advisories/nation-state-cyber-actors/china ] pa= ge. CISA also provides helpful resources on the Edge Device Security [ http= s://www.cisa.gov/topics/cybersecurity-best-practices/edge-device-security ]=
webpage.=C2=A0

Please share your thoughts with us through this anonymous survey [ https://= cisasurvey.gov1.qualtrics.com/jfe/form/SV_9n4TtB8uttUPaM6?Source=3DGovDeliv= eryhttps://www.cisa.gov/news-events/cybersecurity-advisories/aa26-113a ]. W=
e appreciate your feedback.=C2=A0

This product is provided subject to this Notification [ https://www.cisa.go= v/notification ] and this Privacy & Use [ https://www.cisa.gov/privacy-poli=
cy ] policy.=C2=A0

body { font-size: 1em; font-family: Arial, Verdana, sans-serif; font-weight=
: normal; font-style: normal; color: #333333; }=20

Having trouble viewing this message?=C2=A0View it as a webpage [ https://co= ntent.govdelivery.com/accounts/USDHSCISA/bulletins/4141e09 ].=C2=A0 [ https= ://content.govdelivery.com/accounts/USDHS/bulletins/292141e ]

You are subscribed to updates from the Cybersecurity and Infrastructure Sec= urity Agency [ https://www.cisa.gov ] (CISA)
Manage Subscriptions [ https://public.govdelivery.com/accounts/USDHSCISA/su= bscriber/edit?preferences=3Dtrue#tab1 ]=C2=A0=C2=A0|=C2=A0=C2=A0Privacy Pol= icy [ https://www.cisa.gov/privacy-policy ]=C2=A0=C2=A0|=C2=A0 Help [ https= ://subscriberhelp.granicus.com/s/article/Subscriber-Help-Center ] [ https:/= /insights.govdelivery.com/Communications/Subscriber_Help_Center ]

Connect with CISA:=20
Facebook [ https://www.facebook.com/CISA ]=C2=A0 |=C2=A0 Twitter [ https://= twitter.com/CISAgov ]=C2=A0 |=C2=A0 Instagram [ https://Instagram.com/cisag=
ov ]=C2=A0 |=C2=A0 LinkedIn [ https://www.linkedin.com/company/cybersecurit= y-and-infrastructure-security-agency ]=C2=A0 |=C2=A0=C2=A0 YouTube [ https:= //www.youtube.com/channel/UCxyq9roe-npgzrVwbpoAy0A ]

________________________________________________________________________

This email was sent to cisa@toolazy.synchro.net using GovDelivery Communica= tions Cloud, on behalf of: Cybersecurity and Infrastructure Security Agency=
=C2=B7 707 17th St, Suite 4000 =C2=B7 Denver, CO 80202 GovDelivery logo [ = https://subscriberhelp.granicus.com/ ]=20
body .abe-column-block { min-height: 5px; } table.gd_combo_table img {margi= n-left:10px; margin-right:10px;} table.gd_combo_table div.govd_image_displa=
y img, table.gd_combo_table td.gd_combo_image_cell img {margin-left:0px; ma= rgin-right:0px;}

--===============0039577584964487346==
Content-Type: text/html; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns=3D"http://www.w3.org/1999/xhtml" xml:lang=3D"en" lang=3D"en"> <head>
<title> =E2=80=8B=E2=80=8BCISA, NCSC-UK and Partners Release Cybersecuri=
ty Advisory on Chinese Government-Linked Covert Networks
</title>

</head>
<body style=3D"">

<table width=3D"700" border=3D"0" cellspacing=3D"0" cellpadding=3D"0"=
align=3D"center">
<tr>
<td>


<a name=3D"gd_top" id=3D"gd_top"></a>

=20

<img src=3D"https://content.govdelivery.com/attachments/fancy_images/U= SDHSCISA/2020/06/3486054/05152023-gov-delivery-banner-copy_original.png" al= t=3D"Cybersecurity and Infrastructure Security Agency (CISA)" title=3D"" wi= dth=3D"600" height=3D"100">
You are subscribed to Cybersecurity Advisories for Cybersecurity and I= nfrastructure Security Agency. This information has recently been updated a=
nd is now available.
<div class=3D"rss_title" style=3D"font-weight: bold; font-size: 120%; margi=
n: 0 0 0.3em; padding: 0;"><a href=3D"https://www.cisa.gov/news-events/cybe= rsecurity-advisories/aa26-113a" target=3D"_blank" title=3D"CISA, NCSC-UK an=
d Partners Release Cybersecurity Advisory on Chinese Government-Linked Cove=
rt Networks" rel=3D"noopener">=E2=80=8B=E2=80=8BCISA, NCSC-UK and Partners = Release Cybersecurity Advisory on Chinese Government-Linked Covert Networks= </a></div>
<div class=3D"rss_pub_date" style=3D"font-size: 90%; font-style: italic; co= lor: #666666; margin: 0 0 0.3em; padding: 0;">04/23/2026 10:00 AM EDT</div> CISA and the United Kingdom=E2= =80=99s National Cyber Security Centre, in collaboration with other federal=
and international partners, have released=C2=A0a cybersecurity advisory,= =C2=A0<a href=3D"https://www.cisa.gov/news-events/cybe= rsecurity-advisories/aa26-113a" target=3D"_blank" class=3D"Hyperlink SCXW11= 6057412 BCX8" rel=3D"noopener">Defending Against China-nexus<sp= an>=C2=A0Covert=C2=A0Netw= orks of Compromised Devices</a>,=C2=A0providing=C2=A0network defenders with=C2=A0<span=
class=3D"NormalTextRun SCXW116057412 BCX8">vital tools and resources to co= mbat the threat posed by Chinese government-linked threat actors=E2=80=99 u=
se of covert networks of compromised devices.
The advisory outlines tactics, t= echniques, and procedures associated with Chinese government-linked covert = networks built from compromised small-office-home-office routers, Internet =
of Things, and smart devices. It explains how threat actors leveraging thes=
e covert networks, including those previously tied to groups such as Volt T= yphoon and Flax Typhoon, use large scale botnet infrastructure to obscure a= ttribution and enable reconnaissance, intrusion, command-and-control, and d= ata exfiltration.=C2=A0
The advisory provides tailored d= efensive guidance for cyber defenders to identify, baseline, and mitigate a= ctivity originating from dynamic, deniable covert networks to reduce the ri=
sk of organizational compromise.=C2=A0
CISA and partners recommend the = following steps to protect against this threat:=C2=A0

<li><span=
class=3D"NormalTextRun SCXW116057412 BCX8">Map and understand network edge=
devices, developing a clear understanding of organizational assets and wha=
t should be connected to them.=C2=A0</li>
<li><span=
class=3D"NormalTextRun SCXW116057412 BCX8">Baseline normal connections, es= pecially to corporate VPNs or other similar devices.</li> <li><span=
class=3D"NormalTextRun SCXW116057412 BCX8">Maintain log collection and sto= rage solutions to assist with detecting and responding to unauthorized acce=
ss attempts.=C2=A0</li>
<li><span=
class=3D"NormalTextRun SCXW116057412 BCX8">Implement multifactor authentic= ation for remote connections.=C2=A0</li>
</ul>
For more information on Chinese = government-linked threat actor activity, please visit CISA's <a href=3D"htt= ps://www.cisa.gov/topics/cyber-threats-and-advisories/nation-state-cyber-ac= tors/china" target=3D"_blank" title=3D"China Threat Overview and Advisories=
" rel=3D"noopener">China Threat Overview and Advisories</a> page. CISA also=
provides helpful resources on the <a href=3D"https://www.cisa.gov/topics/c= ybersecurity-best-practices/edge-device-security" target=3D"_blank" title= =3D"Edge Device Security" rel=3D"noopener">Edge Device Security</a> webpage= .=C2=A0
Please share your thoughts with =
us through this <a href=3D"https://cisasurvey.gov1.qualtrics.com/jfe/form/S= V_9n4TtB8uttUPaM6?Source=3DGovDeliveryhttps://www.cisa.gov/news-events/cybe= rsecurity-advisories/aa26-113a" target=3D"_blank" title=3D"anonymous survey=
" rel=3D"noopener">anonymous survey</a>. We appreciate your feedback.=C2=A0= 
This product is provided subject to this <a href=3D"https://www.cisa.gov= /notification" target=3D"_blank" title=3D"Notification" rel=3D"noopener">No= tification</a> and this <a href=3D"https://www.cisa.gov/privacy-policy" tar= get=3D"_blank" title=3D"Privacy & Use" rel=3D"noopener">Privacy & U= se</a> policy.=C2=A0
<style>body {
font-size: 1em; font-family: Arial, Verdana, sans-serif; font-weight: norma=
l; font-style: normal; color: #333333;
}
</style>
=20

<div id=3D"mail_footer">
Having trouble viewing this message?=C2=A0<a href=3D"ht= tps://content.govdelivery.com/accounts/USDHSCISA/bulletins/4141e09" target= =3D"_blank" rel=3D"noopener">View it as a webpage</a>.=C2=A0<a href=3D"http= s://content.govdelivery.com/accounts/USDHS/bulletins/292141e" target=3D"_bl= ank" rel=3D"noopener"></a>
You are subscribed to updates from the <a href=3D"https://w= ww.cisa.gov">Cybersecurity and Infrastru= cture Security Agency</a> (CISA) <a href=3D"https://public.govdelivery.com/account= s/USDHSCISA/subscriber/edit?preferences=3Dtrue#tab1" target=3D"_blank" rel= =3D"noopener">Manage Sub= scriptions</a>=C2=A0=C2=A0|=C2=A0=C2=A0<a href=3D"https://www.cisa.gov/privacy-policy=
" target=3D"_blank" rel=3D"noopener">Privacy Policy</a>=C2=A0=C2=A0|=C2=A0 <a href=3D"https://subscriberhelp.granicu= s.com/s/article/Subscriber-Help-Center" target=3D"_blank" rel=3D"noopener">= Help</a><a href=3D"https://insights.govdelivery.com/Communications/Subscrib= er_Help_Center" target=3D"_blank" rel=3D"noopener"></a>
Connect with CISA: <a href=3D"https://www.facebook.com/= CISA" target=3D"_blank" rel=3D"noopener">Facebook</a>=C2=A0 |=C2=A0 <a href=3D"https://twitter.com/CISAgov" t= arget=3D"_blank" rel=3D"noopener">Twitter</a>=C2=A0 |=C2=A0 <a href=3D"https://Instagram.com/cisagov" target= =3D"_blank" rel=3D"noopener">Instagram</a>=C2=A0 |=C2=A0 <a href=3D"https://www.linkedin.com/company/cybersec= urity-and-infrastructure-security-agency" target=3D"_blank" rel=3D"noopener= ">LinkedIn</a><sp=
an style=3D"font-size: 10.0pt; color: #757575;">=C2=A0 |=C2=A0=C2=A0 </span= ><a href=3D"https://www.youtube.com/channel/UCxyq9roe-npgzrVwbpoAy0A" targe= t=3D"_self">YouTube</spa= n></a>

</div>
<div id=3D"tagline">
<hr>
<table style=3D"width: 100%;" border=3D"0" cellspacing=3D"0" cellpadding=3D=

<tbody>

<td style=3D"color: #757575; font-size: 10px; font-family: Arial;" width=3D= "89%">This email was sent to cisa@toolazy.synchro.net using GovDelivery Com= munications Cloud, on behalf of: Cybersecurity and Infrastructure Security = Agency =C2=B7 707 17th St, Suite 4000 =C2=B7 Denver, CO 80202</td>
<td align=3D"right" width=3D"11%"><a href=3D"https://subscriberhelp.granicu= s.com/" target=3D"_blank" rel=3D"noopener"><img src=3D"https://content.govd= elivery.com/images/govd-logo-dark.png" border=3D"0" alt=3D"GovDelivery logo=
" width=3D"115"></a></td>
</tr>
</tbody>
</table>
<style type=3D"text/css">body .abe-column-block { min-height: 5px; } table.= gd_combo_table img {margin-left:10px; margin-right:10px;} table.gd_combo_ta= ble div.govd_image_display img, table.gd_combo_table td.gd_combo_image_cell=
img {margin-left:0px; margin-right:0px;}</style>

</div>
</td>
</tr>
</table>

<img alt=3D"" src=3D"https://links-2.govdelivery.com/CI0/0101019dbaa8b75b-6= c75389c-7991-437b-aa35-0b32bd9afdbf-000000/zyp5zGicdMk6Pa1r18oZOATYPhE94Gf9= 8_OqrlFHm1A=3D452" style=3D"display: none; width: 1px; height: 1px;">
</body>
</html>

--===============0039577584964487346==--

--===============0155328280674040699==--

Who's Online
Recent Visitors
- Geek2
  Sat May 23 08:24:00 2026
  from Euclid, Oh via Telnet
- Geek2
  Fri May 22 11:24:57 2026
  from Euclid, Oh via Telnet
- Geek2
  Fri May 22 07:05:03 2026
  from Euclid, Oh via Telnet
- Awehttam
  Fri May 22 00:59:23 2026
  from Vancouver Canada via Telnet

System Info

Sysop:	Amessyroom
Location:	Fayetteville, NC
Users:	66
Nodes:	6 (0 / 6)
Uptime:	68:29:10
Calls:	871
Files:	1,313
D/L today:	322 files (673M bytes)
Messages:	266,253

​​CISA, NCSC-UK and Partners Release Cybersecurity Advisory on Chinese Government-Linked Covert Networks

Who's Online

Recent Visitors

System Info

CISA, NCSC-UK and Partners Release Cybersecurity Advisory on Chinese Government-Linked Covert Networks