Joint Guidance on Defending Against PRC-Linked Covert Networks
Summary
The Canadian Centre for Cyber Security joined 14 international partners in issuing joint guidance on defending against People’s Republic of China (PRC)-linked covert networks. The advisory describes how PRC-linked threat actors leverage externally provisioned networks of compromised edge devices to target critical sectors, steal sensitive data, and maintain persistent access. The guidance also warns of indicator of compromise (IOC) extinction, requiring network defenders to deploy adaptive, intelligence-driven measures rather than relying on static indicators.
“Covert networks are often made up of vulnerable everyday Internet-connected edge devices that have been compromised.”
Organizations in critical sectors should review their edge device and IoT infrastructure against the TTPs described in this advisory. The advisory specifically highlights that IOC extinction (indicators disappearing as quickly as discovered) requires moving beyond static indicator-based detection to more adaptive, intelligence-driven approaches — this operational shift in defensive posture is the core message for network defenders.
What changed
The joint advisory describes how PRC-linked threat actors create and maintain covert networks through externally provisioned, large-scale networks of compromised devices, with specific attention to the role of Chinese information security companies. It provides comprehensive mitigation advice and warns that indicators of compromise (IOCs) disappear as quickly as they are discovered, requiring more adaptive, intelligence-driven defensive measures.
Organizations in critical sectors should review the guidance and assess their exposure to vulnerable edge devices and internet-connected devices that are commonly targeted for botnet operations. While no compliance deadlines are specified, the advisory highlights a specific and evolving threat methodology that defenders should incorporate into their security monitoring programs.
Archived snapshot
Apr 24, 2026: GovPing captured this document from the original source. If the source has since changed or been removed, this is the text as it existed at that time.
Joint guidance on defending against the People’s Republic of China-linked covert networks
The Canadian Centre for Cyber Security (Cyber Centre) has joined the United Kingdom’s National Cyber Security Centre (NCSC), UK industry and the following international partners in releasing a cyber security advisory on defending against the People’s Republic of China (PRC)-linked covert networks.
- Australian Signals Directorate’s (ASD’s) Australian Cyber Security Centre (ACSC)
- Germany’s Federal Office for the Protection of the Constitution (BfV)
- Germany’s Federal Intelligence Service (BND)
- Germany’s Federal Office for Information Security (BSI)
- Japan’s National Cybersecurity Office (NCO)
- The Netherlands General Intelligence and Security Service (AIVD)
- The Netherlands Defence Intelligence and Security Service (MIVD)
- New Zealand’s National Cyber Security Centre (NCSC-NZ)
- Spain’s National Cryptologic Centre (CCN)
- Sweden’s National Cyber Security Centre (NCSC-SE)
- The United States’ Cybersecurity and Infrastructure Security Agency (CISA)
- The United States’ Department of Defense Cyber Crime Center (DC3)
- The United States’ Federal Bureau of Investigation (FBI)
- The United States’ National Security Agency (NSA)

Covert networks are often made up of vulnerable everyday Internet-connected edge devices that have been compromised. PRC-linked threat actors have shifted their tactics, techniques and procedures (TTPs) to leverage externally provisioned, large-scale networks of compromised devices to target critical sectors, steal sensitive data and maintain persistent access.
This joint advisory describes how covert networks used by PRC-linked threat actors are being created and maintained, externally, by Chinese information security companies. It provides insight into the TTPs threat actors use and provides comprehensive mitigation advice to help protect systems from malicious activity from covert networks.
The joint advisory also warns of a key issue for network defenders: indicator of compromise (IOC) extinction. This occurs when IOCs disappear as quickly as they are discovered and requires network defenders to deploy more adaptive, intelligence-driven measures to mitigate the risks.
Read the full joint guidance: International cyber agencies share fresh advice to defend against China-linked covert networks
Related advisories
- Joint cyber security advisory: People’s Republic of China-linked actors compromise routers and Internet-connected devices for botnet operations
- Joint cyber security advisory on worldwide network compromises by People’s Republic of China state-sponsored actors - Canadian Centre for Cyber Security

Date modified: 2026-04-23
About this page
Source document text, dates, docket IDs, and authority are extracted directly from CCCS.
The summary, classification, recommended actions, deadlines, and penalty information are AI-generated from the original text and may contain errors. Always verify against the source document.