CISA, DC3, FBI, NSA, and International Partners Released Joint Advisory on China-Linked Covert Networks of Compromised Devices

The Cybersecurity and Infrastructure Security Agency (CISA), the Department of Defense Cyber Crime Center (DC3), the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA), in coordination with international partners, released an advisory highlighting the increasing use of covert networks of compromised devices by China-nexus cyber actors. The advisory describes a shift toward large-scale botnets composed primarily of small office and home office routers and Internet of Things devices that are used to obscure attribution and route malicious cyber activity. These networks support multiple stages of cyber operations, including reconnaissance, malware delivery, command and control, and data exfiltration, and may be used by multiple threat actors at the same time. Examples include activity by Volt Typhoon and Flax Typhoon, as well as the Raptor Train network, which infected more than 200,000 devices globally. The advisory emphasizes that these networks are dynamic and continuously updated, making traditional defenses such as static Internet Protocol blocklists less effective. It also outlines mitigation steps such as improving visibility of network edge devices, implementing multifactor authentication, and adopting zero trust approaches. For additional details, refer to the official advisory titled "Defending Against China-Nexus Covert Networks of Compromised Devices."