Security agencies tell public-sector IT to fix problems given cyber threats from Chinese companies


National Cyber Security Centre and agencies in 12 other countries advise those managing networks for government and critical services to hunt for malicious activity and implement fixes for known problems

The National Cyber Security Centre has named three Chinese companies that it and partner security agencies believe are linked to a campaign of cyberattacks connected to the Chinese state.

NCSC, part of the UK’s signals intelligence agency GCHQ, said that Sichuan Juxinhe Network Technology, Beijing Huanyu Tianqiong Information Technology and Sichuan Zhixin Ruijie Network Technology provide cyber-related services to the Chinese intelligence services. It said that activities linked to these companies have targeted “nationally significant organisations” around the world since at least 2021 in sectors including government and military infrastructure, as part of a campaign commonly called “Salt Typhoon”.

“It is crucial organisations in targeted critical sectors heed this international warning about the threat posed by cyber actors who have been exploiting publicly known – and so therefore fixable – vulnerabilities,” said NCSC chief executive Dr Richard Horne. “In the face of sophisticated threats, network defenders must proactively hunt for malicious activity, as well as apply recommended mitigations based on indicators of compromise and regularly reviewing network device logs for signs of unusual activity.”

The joint cybersecurity advisory is hosted on the US Department of Defense website and is co-signed by the NCSC, by other agencies in the US including the National Security Agency, and by partner organisations in Australia, Canada, the Czech Republic, Finland, Germany, Italy, Japan, the Netherlands, Poland, Spain and New Zealand. It says that Chinese state-sponsored attackers target networks used for telecoms, government, transport, accommodation and military infrastructure.

“While these actors focus on large backbone routers of major telecommunications providers, as well as provider edge (PE) and customer edge (CE) routers, they also leverage compromised devices and trusted connections to pivot into other networks. These actors often modify routers to maintain persistent, long-term access to networks,” the advisory says.

NCSC added that the attackers have had “considerable success taking advantage of known vulnerabilities” which could have been avoided with timely patching.

In May, NCSC and international partners issued a similar warning about Russian military intelligence attacking logistics and technology companies since 2022 using techniques including spear-phishing, which targets a specific person or group.

In July, Jake Doughty, a junior minister at the Foreign, Commonwealth and Development Office, said in a response to a written parliamentary question that NCSC is handling fewer responses to cyberattacks than previously but twice as many are of national significance.

PublicTechnology staff
