On April 23, 2026, the United Kingdom’s National Cyber Security Centre (NCSC) issued a comprehensive security advisory warning British firms that Chinese state-sponsored hacking groups are increasingly hijacking everyday internet-connected devices to conduct espionage. The warning, released in coordination with cyber agencies from nine other nations, highlights a strategic shift toward using covert networks or botnets to obscure the origins of cyberattacks. These operations target vulnerable consumer hardware, such as Wi-Fi routers, webcams, and printers, to create a staging ground for surveillance and the theft of sensitive corporate data.
Richard Horne, Chief Executive of the NCSC, addressed the threat during the agency’s annual conference in Glasgow, describing the technical capabilities of China’s intelligence and military agencies as possessing an eye-watering level of sophistication. Horne stated that the UK now faces a peer competitor in cyberspace, noting that the majority of China-linked cyber actors have adopted these botnet techniques. The shift in tactics is designed to blend malicious traffic with legitimate home and office internet activity, making it significantly harder for traditional security systems to identify and block intrusion attempts.
The international advisory includes contributions from the United States, Australia, Canada, Germany, and Japan, reflecting a broad consensus among Western intelligence allies regarding the nature of the threat. Officials noted that the hijacked devices are often older models or those that have not been updated with the latest security patches. By exploiting these vulnerabilities in peripheral hardware, attackers can establish a persistent presence within a network without directly attacking more heavily fortified central servers.
Geopolitically, the announcement underscores the deepening friction between the UK and China over technological security and intellectual property. The NCSC’s report follows previous warnings about the integration of Chinese-made components in critical national infrastructure. By naming China-linked groups as the primary practitioners of these botnet attacks, the UK government is signaling a more assertive posture in attributing cyber activity to state actors. The advisory serves as a formal directive for companies to audit their hardware inventories and decommission legacy equipment that can no longer be secured.
While the NCSC did not provide a specific count of compromised devices in the UK, the agency emphasized that the scale of the global botnets used by these groups is vast. The guidance issued on April 23 urges organizations to implement multi-factor authentication and to ensure that all internet-facing devices are subject to rigorous patch management protocols. The NCSC concluded that the persistent nature of these covert networks requires a fundamental shift in how businesses perceive the security of everyday office and home-working equipment.