Joint Advisory From CISA and NCSC-UK Shines A Spotlight On Covert Botnet Expansion
Barracuda Networks Blog, April 29,2026
CISA and NCSC-UK warn of rapidly expanding covert botnets controlled by Chinese cybercrime syndicates.
CISA and the National Cyber Security Centre in the UK have issued a joint advisory highlighting how Chinese cybercrime syndicates are shifting toward covert botnet networks to enable large-scale attacks that are harder to trace.
Notable threat actors like Volt Typhoon and Flax Typhoon are increasingly leveraging professionally maintained botnets, often managed by Chinese information security companies, to exploit vulnerable consumer and corporate devices for distributed denial of service attacks. The report notes that these botnets are expanding rapidly as threat actors shift from individually procured infrastructure to leveraging large-scale networks of compromised devices.
To mitigate these risks, organizations are advised to map their network devices, implement zero-trust policies, use VPNs, require machine certificates for SSL connections, and employ machine learning to detect anomalous behavior. Cybersecurity teams should monitor threat intelligence feeds tracking China-nexus covert networks as advanced persistent threats requiring specialized defenses.