The National Cyber Security Centre (NCSC) and 15 international partners have issued a joint advisory warning of a significant threat from China-linked cyber actors. These groups are reportedly using networks of compromised everyday internet devices to mask their attacks. The advisory highlights a tactical shift where attackers route their activities through hundreds of thousands of compromised home routers and smart devices, replacing traditional attacker infrastructure. The advisory identifies patterns in operations like Volt Typhoon and Flax Typhoon, where traffic is routed through compromised small office and home office routers. This method obscures the origin of attacks, aiding in scanning targets, delivering malware, and exfiltrating data. Notably, the Raptor Train network infected over 200,000 devices globally in 2024, with the FBI attributing its management to the Beijing-based Integrity Technology Group, which was sanctioned by the UK in December 2025. The advisory also notes that the KV Botnet, used by Volt Typhoon, has established footholds in critical infrastructure across the US and allied countries. The NCSC urges organizations to monitor network traffic and adopt dynamic threat feeds to counter these advanced persistent threats. The report underscores the challenge of tracking state-backed hacking campaigns, with 2024 seeing over $2 billion in digital-asset losses due to cyber activity.