Chinese government hackers are weaponizing compromised consumer gadgets like routers and smart fridges to infiltrate Western national infrastructure, per a joint advisory from Five Eyes intelligence agencies. The tactic marks a major shift in Beijing’s cyber strategy, enabling stealthy attacks on utilities and democratic institutions while evading detection. European intelligence officials confirmed China’s botnets—networks of hijacked devices—are now deployed strategically to mask advanced intrusions, complicating defenses.

The Five Eyes coalition, including the U.S. and U.K., warned that these botnets target “internet of things” devices, which remain vulnerable due to unpatched software. Hackers chain these devices together to launch multi-stage attacks, making it difficult to trace origins. Previously used for basic disruptions, China’s state-backed groups like Volt Typhoon and Flax Typhoon now employ them for espionage and sabotage. Volt Typhoon, linked to China’s military, has targeted U.S. communications networks, while Flax Typhoon focuses on Taiwanese and U.S. military systems tied to Taiwan.

The campaign aims to destabilize Western responses to potential Chinese aggression, particularly in Taiwan. Violet Typhoon, tied to China’s intelligence ministry, has a history of attacking political entities, including the UK electoral commission in 2021. Germany’s domestic intelligence agency noted the group’s focus on Western political institutions using compromised devices in Germany.

This escalation underscores China’s growing cyber prowess, surpassing its prior reputation as a secondary threat. With tens of thousands of devices globally compromised, the advisory urges urgent software updates and network segmentation. Experts stress that without proactive measures, these botnets could enable large-scale, state-sponsored cyber warfare.