There is a quiet, steady kind of threat that usually gets ignored because it isn’t flashy. It isn’t a ransomware countdown or a headline-grabbing breach. It is simply about position.

CISA just dropped a massive advisory (AA26-113A) alongside the UK and about a dozen other countries. They are warning us about “covert device networks.” Think of it as a shadow infrastructure built by Chinese state-linked actors like Volt Typhoon. They aren’t in your network to steal your files today; they are there to hold the ground for later.

They are targeting the stuff we all forget about: SOHO routers, VPN boxes, and NAS units. These devices sit on your network edge, often unpatched and unmonitored. Once the actors are in, they don’t make noise. The compromised devices just sit there as relay nodes, waiting for a geopolitical shift—like an escalation in the South China Sea—before they get activated.

Your router might be a hop in this infrastructure right now and you’d never know it because they are experts at blending in.

The fix isn’t just a patch. You need to actually know what’s on your network. Audit your hardware, watch for weird outbound connections from your edge devices, and if something looks fishy, don’t just reboot it. Reimage or replace it. This is about reclaiming your network real estate.
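One way to watch for odd outbound connections from edge devices, as an added example (not code from the advisory or this post): flag flows that an inventoried edge device initiates to external destinations outside its expected set. The device inventory, allowlist, CSV layout and flow records below are all constructed assumptions.

```python
import csv
import io
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumed inventory of edge devices by management IP (constructed values).
EDGE_DEVICES = {"10.0.0.1": "soho-router", "10.0.0.2": "vpn-gateway", "10.0.0.5": "nas"}
INTERNAL_NETS = [ip_network("10.0.0.0/8")]
# Destinations each device is expected to contact (resolver, NTP, vendor updates).
ALLOWED = {
    "10.0.0.1": {("192.0.2.53", 53), ("192.0.2.123", 123)},
    "10.0.0.2": {("192.0.2.53", 53), ("198.51.100.10", 443)},
    "10.0.0.5": {("192.0.2.53", 53)},
}
# Constructed flow log: timestamp,src,dst,dst_port,bytes
SAMPLE_FLOWS = """\
2026-01-01T00:00:05Z,10.0.0.1,192.0.2.53,53,120
2026-01-01T00:00:09Z,10.0.0.1,192.0.2.123,123,90
2026-01-01T00:01:00Z,10.0.1.20,203.0.113.7,443,5200
2026-01-01T00:02:00Z,10.0.0.5,203.0.113.77,8443,48000
2026-01-01T00:03:00Z,10.0.0.2,198.51.100.10,443,3000
2026-01-01T00:04:00Z,10.0.0.5,10.0.1.20,445,700
2026-01-01T00:32:00Z,10.0.0.5,203.0.113.77,8443,51000
2026-01-01T00:40:00Z,10.0.0.1,203.0.113.9,22,900
"""

def is_internal(addr):
    ip = ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)

def unexpected_edge_flows(flow_csv):
    """Map (device, dst, port) -> [flow_count, total_bytes] for edge-initiated
    flows to external destinations that are not on the device's allowlist."""
    hits = defaultdict(lambda: [0, 0])
    for _ts, src, dst, dport, nbytes in csv.reader(io.StringIO(flow_csv)):
        if src not in EDGE_DEVICES or is_internal(dst):
            continue  # only edge devices talking to the outside matter here
        if (dst, int(dport)) in ALLOWED.get(src, set()):
            continue  # expected housekeeping traffic
        entry = hits[(EDGE_DEVICES[src], dst, int(dport))]
        entry[0] += 1
        entry[1] += int(nbytes)
    return dict(hits)

if __name__ == "__main__":
    for (dev, dst, port), (n, total) in sorted(unexpected_edge_flows(SAMPLE_FLOWS).items()):
        print(f"REVIEW {dev} -> {dst}:{port} flows={n} bytes={total}")
```

Repeated hits from the same device to the same unlisted destination are the ones to investigate first, since a router or NAS rarely has a reason to open its own sessions to arbitrary hosts.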


Check out the full breakdown of how these covert networks operate and what you can do to clear them out.