Defending Against China-Nexus Covert Networks of Compromised Devices
ID: 6dd7d19a-458c-50d5-8ef5-f229f5ce6ba7
STIX ID: report--6dd7d19a-458c-50d5-8ef5-f229f5ce6ba7
Feed Name: CISA Cybersecurity Advisories
**Executive summary:** This advisory from the NCSC and international partners warns that China-nexus cyber actors increasingly rely on large, dynamic covert networks of compromised SOHO routers and IoT devices (botnets) for reconnaissance, malware delivery, command-and-control, and data exfiltration. It describes the typical network topology, provides mitigation recommendations (from basic hygiene to zero-trust and active hunting), and maps the activity to MITRE ATT&CK techniques.
