UK businesses are being urged to strengthen cyber defences after security experts warned that China-linked hacking groups are increasingly using everyday internet-connected devices to launch sophisticated cyber-attacks.
The alert comes from the National Cyber Security Centre (NCSC), alongside agencies in nine allied countries, including the US, Canada, Australia and Germany.
Officials say state-backed groups linked to China are exploiting vulnerable devices such as WiFi routers, printers and internet-connected cameras to build hidden networks used for espionage, surveillance and data theft.
These systems, often described as “botnets” or covert networks, rely on compromised devices that are outdated, poorly secured or missing software updates. Once infected, they can be used to mask the origin of cyber-attacks and target major organisations.
The NCSC said the majority of China-linked threat actors are now using this method, marking a significant shift in tactics.
Richard Horne warned that China’s cyber capabilities are highly advanced, describing them as operating at a “peer competitor” level in cyberspace.
He made the remarks at the NCSC’s annual conference in Glasgow, highlighting growing concerns over state-sponsored cyber activity targeting Western infrastructure and businesses.
### Everyday devices turned into attack tools
Security agencies say home and office routers are the most commonly hijacked devices, but printers and smart home gadgets are also vulnerable.
Once compromised, these devices can be used as a launch point to attack unrelated organisations, including major corporations and critical infrastructure.
Experts compare routers to tools that can mask digital locations, making it harder to trace the origin of attacks.
The NCSC said multiple covert networks have been identified, with some capable of being used by several different hacking groups at once. These networks are often built using thousands of compromised consumer devices across the world.
In one case, a Chinese-linked company reportedly created a network by infecting around 200,000 devices globally.
The advisory also links such activity to groups like Volt Typhoon, which Western intelligence agencies say has targeted key infrastructure in the United States, including transport, aviation and water systems.
While the guidance is aimed at businesses rather than individual consumers, the NCSC is urging organisations to take stronger precautions.
Recommended measures include mapping IT systems, improving monitoring of external connections, using multi-factor authentication, and restricting access from unknown devices.
Officials also stress the importance of regular software updates to reduce the risk of devices being hijacked.
The warning follows wider concerns across the cyber security industry about the use of hacked residential and business devices in global attack networks.
Earlier this year, Google said it had disrupted a large-scale residential proxy network used by cybercriminals and state-linked actors to hide malicious activity.
Security experts say the trend highlights how everyday devices are now becoming part of a growing global cyber battlefield, with serious implications for UK businesses and critical infrastructure.