The Roku streaming video device and the Sonos Wi-Fi speakers suffer from the same DNS rebinding flaw reported in Google Home and Chromecast devices earlier this week.
This is the first evidence of the China-linked threat actor’s activity since hacked the U.K. government and military in 2017 (which wasn’t made public until 2018).