Security Authorities Warn of New Chinese Hacker Methods Targeting Business and Personal Devices

Cybersecurity agencies in Germany and the United States have issued urgent warnings about a new wave of Chinese state-sponsored cyberattacks that exploit compromised everyday devices to conceal malicious operations. Authorities report that threat actors linked to the People’s Republic of China are increasingly using hijacked smartphones, laptops, and other internet-connected equipment from businesses and private individuals to create covert networks that mask their intrusion activities.

The alerts, released on April 23, 2026, come from Germany’s Federal Office for the Protection of the Constitution (Verfassungsschutz) and the U.S. Cybersecurity and Infrastructure Security Agency (CISA), in coordination with international partners. According to the advisory, these compromised devices form part of what officials describe as “China-nexus covert networks” designed to obscure the origin of cyber intrusions targeting telecommunications, government, transportation, lodging, and military infrastructure.

CISA’s advisory, designated AA26-113A, states that while PRC state-sponsored actors continue to focus on large backbone routers and provider edge equipment of major telecommunications providers, they are now actively leveraging poorly secured consumer and enterprise devices as jump points for broader network infiltration. The agency emphasizes that these tactics allow attackers to bypass traditional security monitoring by blending malicious traffic with legitimate device communications.

This development follows earlier disclosures about the Salt Typhoon hacking group, which was linked to a significant breach in 2024 that exposed call records from millions of Americans. U.S. Law enforcement officials have since labeled a suspected Chinese intrusion into a government surveillance system as a “major incident” under federal data security laws, citing risks to national security and civil liberties due to the compromise of personally identifiable information.

Intelligence assessments confirm the growing sophistication of these operations. The Netherlands’ Military Intelligence and Security Service (MIVD) reported in its annual assessment that China’s offensive cyber capabilities now likely match those of the United States, noting that a significant portion of Chinese cyber operations against Dutch interests go undetected. The MIVD highlighted that Chinese hacking units have been observed competing internally to find vulnerabilities in edge devices, and that state-sponsored groups doubled their use of zero-day exploits in 2025.

Cybersecurity experts warn that weak security practices among consumers and businesses — such as default passwords, unpatched software, and lack of network segmentation — make mobile devices and home computers particularly vulnerable to hijacking. Once compromised, these devices can be enrolled in botnet-like infrastructures used not only for espionage but also as launchpads for future attacks that are harder to trace.

Authorities urge organizations and individuals to strengthen device security by changing default credentials, applying security patches promptly, disabling unnecessary remote access features, and monitoring network traffic for anomalous connections. They also recommend implementing multi-factor authentication and endpoint detection tools to reduce the risk of device compromise.

The coordinated warning underscores a shift in Chinese cyber tactics toward greater stealth and resource efficiency, leveraging the weakest links in global digital infrastructure to conduct sophisticated espionage campaigns while minimizing direct exposure of state-linked infrastructure.