UK intelligence agencies have identified a coordinated effort by Chinese state-linked operatives to rebuild botnets that were previously taken down by law enforcement. These networks of compromised devices are being used to launch cyber attacks and spread disinformation, particularly around the contentious issue of AI datacentre development in Britain.
The botnets, which can include thousands of hijacked computers and Internet of Things (IoT) devices, are being reconstructed using updated malware that evades current detection systems. Security experts warn that the same infrastructure could be weaponised to disrupt critical services, steal data, or manipulate public opinion ahead of major policy decisions.
At the heart of the disinformation campaign is the debate over where to build new AI datacentres, which require vast amounts of electricity and water for cooling. Chinese agents have been amplifying false claims about local environmental damage and energy shortages, aiming to stoke public opposition and delay planning approvals. This tactic mirrors similar operations seen in other Western nations.
For UK businesses, the implications are twofold. First, any company whose devices are co-opted into a botnet could suffer reputational harm and operational disruption. Second, the polarisation of the datacentre debate risks slowing the UK's AI ambitions, potentially deterring investment from American and European tech giants. The Information Commissioner's Office (ICO) has urged firms to bolster their cyber hygiene, while the EU's forthcoming AI Act may impose stricter transparency rules on datacentre operators.
Dr. Eleanor Vance, a cybersecurity researcher at the University of Cambridge, said: 'The rebuilding of botnets shows that takedowns alone are not enough. The UK must invest in proactive threat hunting and international cooperation to dismantle the command-and-control servers that enable these networks.' She added that the disinformation component is particularly dangerous because it erodes public trust in both technology and democratic processes.
The National Cyber Security Centre (NCSC) has declined to comment on operational details but has reiterated its guidance for organisations to implement multi-factor authentication and keep software updated. As the UK government prepares its AI Safety Summit follow-up, the discovery underscores the need for robust digital resilience measures that protect both national security and economic competitiveness.