Chinese state-affiliated hackers have successfully infiltrated over 2,700 smart devices in the Netherlands as part of a broader global cyber campaign. According to the National Cyber Security Center (NCSC), the breach was part of a larger operation targeting more than 260,000 devices worldwide. The hackers, believed to be connected to the Chinese government, focused on small office and home office (SOHO) equipment, including internet routers, modems, and various Internet of Things (IoT) devices. This widespread attack was initially flagged by American and British authorities, who also warned that these compromised devices could be used for future large-scale cyberattacks.
The NCSC confirmed that these devices were vulnerable to exploitation due to inadequate security measures, and urged device owners in the Netherlands to install the latest software updates. The NCSC’s report noted that only a portion of the affected devices would be notified directly, leaving many others potentially compromised without owners’ knowledge. This highlights the challenge of securing millions of IoT devices, which are often not adequately protected by their owners.
In addition to the Netherlands, the breach affected a wide range of countries, with the majority of the compromised devices located in Europe, North America, and Asia. Some devices in South America, Africa, and Australia were also affected. The scale of the attack demonstrates the growing vulnerability of internet-connected devices across the globe. It is believed that these devices were compromised not for immediate financial gain, but to be repurposed for large-scale cyberattacks at a later time.
The breach has been linked to the Beijing Integrity Technology Group, a Chinese cybersecurity firm that reportedly has ties to the Chinese government. The techniques used in the attack were consistent with those employed by Chinese cyber spies in previous campaigns. Authorities have cautioned that the use of these devices in future cyberattacks could pose significant security risks to governments, businesses, and individuals, underscoring the importance of securing internet-connected devices against exploitation.
Reference:
