NZ cyber security agency joins global effort against PRC botnet
The National Cyber Security Centre (NCSC) of New Zealand has joined forces with international partners to address the threat posed by a botnet attributed to cyber actors linked to the People's Republic of China (PRC).
This collaborative effort aims to mitigate the damage caused by the compromised nodes, which facilitate malicious cyber activities.
Acting Deputy Director-General of Cyber Security at the NCSC, Michael Jagusch, stated that the organisation, along with its partners, has released a joint cyber security advisory. This document aims to call out the harmful activities and provide essential advice to aid cyber defenders in identifying and mitigating the risks associated with the botnet's operation.
The international partners participating in this initiative include the Federal Bureau of Investigation (FBI), the United States Cyber National Mission Force (CNMF), the National Security Agency (NSA), the Australian Cyber Security Centre (ACSC), the Canadian Centre for Cyber Security (CCCS), and the United Kingdom's National Cyber Security Centre (NCSC-UK).
According to Jagusch, the advisory outlines that cyber actors linked to the PRC have compromised various internet-connected devices to create a botnet poised for malicious activities. The compromised devices include small office/home office (SOHO) routers, firewalls, network-attached storage (NAS), and Internet of Things (IoT) devices.
The advisory further identifies a PRC-based organisation, Integrity Technology Group, as the entity responsible for managing and controlling the botnet, which has been active since mid-2021.
"The botnet has regularly maintained between tens to hundreds of thousands of compromised devices. As of June 2024, the botnet consisted of over 260,000 devices," Jagusch said. He added that the compromised devices forming part of the botnet have been detected across North America, Europe, Africa, Southeast Asia, and Oceania, including New Zealand.
"The NCSC and partners are releasing this advisory to highlight the threat posed by these actors and their botnet activity and to encourage exposed device vendors, owners, and operators to update and secure their devices from being compromised and joining the botnet," he asserted.
Jagusch also mentioned that cybersecurity companies could use the information provided in the advisory to help identify malicious activities and reduce the number of devices incorporated into botnets globally.
"Our NCSC works extensively with New Zealand organisations, the cyber security industry, and international partners to identify and mitigate cyber threats facing New Zealand organisations and individuals. It deploys a range of cyber security capabilities including Malware Free Networks and the Phishing Disruption Service to share cyber threat intelligence to help protect New Zealanders from a range of threats," he concluded.