1 article
A pattern documented across multiple China-nexus threat actors in 2025–2026 shows a deliberate move from Windows endpoint compromise toward Linux-based network appliances and BSD-running security devices. Network devices running proprietary Linux/BSD derivatives sit at the network edge with high-privilege routing access — and typically outside the enterprise's EDR coverage.