A dozen allied agencies say China is building covert hacker networks out of everyday routers

U.S. and international cybersecurity agencies warn that China-nexus actors are increasingly using large, externally provisioned covert networks of compromised SOHO routers and IoT devices—including botnets like Raptor Train (≈200,000 devices)—to enable reconnaissance, malware delivery, espionage, and pre-positioning against critical infrastructure; the advisory names groups such as Volt Typhoon and Flax Typhoon and recommends layered defensive measures and active hunting by high-risk organizations.