NCSC-UK joint advisory on covert botnets and proxy networks

Public Sector Action
H score 31
2 unique sources, 2 articles

Summary

NCSC-UK and partner agencies issued a joint advisory warning that China-nexus hackers are using hijacked consumer devices as covert proxy networks to hide malicious traffic. The warning spans SOHO routers, internet-connected cameras, video recorders, and NAS equipment across multiple countries. It matters because the networks help attackers evade detection and make static IP-based blocking less effective.

Related Happenings

Cisco findings on multi-turn guardrail bypass in major LLMs

Technical Analysis
First: 27.05.2026 16:00 Last: 27.05.2026 16:00 Sources 1

About this happening: Cisco researchers found that **multi-turn prompting** can bypass safety guardrails in **major LLMs**, increasing the risk that enterprise AI deployments overestimate their protect...

First VPN Service as criminal VPN infrastructure for ransomware and fraud operators

Threat Actor Meta
First: 22.05.2026 20:35 Last: 22.05.2026 20:35 Sources 1

About this happening: **First VPN Service** functioned as a criminal VPN layer that let ransomware, fraud, and data theft operators hide their identities, expanding the reach and resilience of undergro...

Iranian hackers' ATG cyberattack campaign

Campaign
First: 18.05.2026 18:41 Last: 18.05.2026 18:41 Sources 1

About this happening: Iranian threat groups launched a **barrage of cyberattacks** after the conflict began, broadening pressure on **US gas-station fuel-monitoring systems** and signaling continued ri...

US government warning on Iran-affiliated critical infrastructure disruption risk

Public Sector Action
First: 18.05.2026 18:41 Last: 18.05.2026 18:41 Sources 1

About this happening: The **US government** warned that **Iran-affiliated threat actors** were disrupting **US critical infrastructure** through attacks on **Internet-exposed OT devices** across **mult...

TrickMo Android banking malware adds TON-based covert command-and-control

Malware Activity
First: 11.05.2026 12:03 Last: 11.05.2026 12:03 Sources 1

About this happening: The **TrickMo Android banking malware** has added **TON-based covert command-and-control**, making its operator infrastructure harder to identify, block, or take down for victims...

Timeline

  1. 23.04.2026 15:28 2 articles · 1mo ago

    NCSC-UK joint advisory warns of hijacked-device proxy networks

    Industry Or Public Sector Update

    On 2026-04-23, NCSC-UK and partner agencies from the United States, Australia, Canada, Germany, Japan, the Netherlands, New Zealand, Spain, and Sweden issued a joint advisory warning that China-nexus hackers are increasingly using large-scale proxy networks built from hijacked consumer devices, including compromised Small Office Home Office (SOHO) routers, Internet of Things (IoT) and smart devices, video recorders, and network-attached storage (NAS) equipment, to route traffic through multiple nodes and evade geographic detection. The advisory also said static malicious-IP blocking is becoming less effective and urged multifactor authentication, network edge device mapping, dynamic threat feeds, IP allowlists, zero-trust controls, and machine certificate verification.
