9 countries warn China-linked hackers using home routers and smart devices to hide attacks

Published: 23 April 2026

Last updated: 24 April 2026

Reuters
Contribution by Izabelė Pukėnaitė

A grey LAN cable is plugged into the grey DSL slot of a white WLAN router, yellow, blue slots — A LAN cable is plugged into the DSL slot of a WLAN router. Fabian Sommer/picture alliance/Getty.

International cyber agencies on Thursday urged organisations to better defend against covert networks used by China-linked hackers to conceal malicious cyber activity, according to Britain's National Cyber Security Centre.

•Nine countries warn China-linked hackers are hijacking home routers and smart devices to build covert networks that hide cyberattacks.
The networks target critical sectors globally, steal data, and maintain persistent access with attacks hard to detect because evidence disappears quickly.
UK's NCSC handles four nationally significant cyber incidents per week, increasingly tied to governments rather than criminal gangs.

Key Takeaways by nexos.ai, reviewed by Cybernews staff.

The NCSC published the new guidance alongside industry and 15 international partners from across eight other countries: the United States, Australia, Canada, Germany, Japan, the Netherlands, New Zealand and Spain.

Covert networks, usually made up of what the NCSC described as vulnerable everyday internet-connected devices such as home routers and smart devices, are used to target critical sectors globally, steal sensitive data, and maintain persistent access.

"In recent years, we have seen a deliberate shift in cyber groups based in China utilising these networks to hide their malicious activity in an attempt to avoid accountability," NCSC director of operations Paul Chichester said in a statement.

Don't miss our latest stories on Google News. Add us as your Preferred Source on Google

For example, Cybernews has previously reported the experience of one engineer who found a backdoor in his robot vacuum. The backdoor allowed remote control of the gadget and also sent data to Chinese servers.

The Chinese foreign ministry did not immediately respond to a Reuters request for comment.

The new guidance - jointly issued with agencies including the US's Federal Bureau of Investigation - warns that attacks can be hard to detect because evidence can disappear quickly, complicating efforts to disrupt such activity.

The advisory comes a day after Richard Horne, the head of the NCSC, warned Britain to brace for a rise in cyberattacks directly or indirectly from nation states, including China, Iran and Russia.

Strong password generator

Upgrade the security of your online accounts.

Create strong passwords that are completely random and impossible to guess.

Convenient way to secure and use all your passwords. Now 72% OFF!

Get NordPass

He said his agency had continued to handle about four nationally significant cyber incidents a week on average and that the highest-impact attacks were increasingly tied to governments rather than criminal gangs alone.

Britain has also called on leading AI companies to work with the government to build AI-powered cyber-defence capabilities to protect critical national infrastructure.

Routers have become the riskiest IT device of 2026, with new research showing they contain an average of 32 security flaws per device. More than double the 14 vulnerabilities found in computers.

Forescout's 2026 report found that routers now account for roughly a third of the most critical, highly exploitable vulnerabilities across connected networks, a finding that comes as the FCC moves to block foreign-made routers from US networks.

Unlock more exclusive Cybernews content on YouTube.

Share

Post

Share