The UK and a coalition of international partners have identified three China-based technology companies as enabling a global malicious cyber campaign targeting critical networks, according to the National Cyber Security Centre (NCSC).
The advisory, published on Wednesday, names Sichuan Juxinhe Network Technology Co Ltd, Beijing Huanyu Tianqiong Information Technology Co, and Sichuan Zhixin Ruijie Network Technology Co Ltd as entities providing services within a wider Chinese commercial cyber ecosystem that has ties to intelligence services.
The campaign, referred to by industry as Salt Typhoon, has targeted government, telecommunications, transportation, lodging, and military infrastructure since at least 2021, with activity observed in the UK.
NCSC Chief Executive Dr Richard Horne said: “We are deeply concerned by the irresponsible behaviour of the named commercial entities based in China that has enabled an unrestrained campaign of malicious cyber activities on a global scale. It is crucial organisations in targeted critical sectors heed this international warning about the threat posed by cyber actors who have been exploiting publicly known – and so therefore fixable – vulnerabilities.”
According to the advisory, the groups have achieved considerable success not by deploying zero-day exploits but by exploiting widely known vulnerabilities that could have been prevented through timely patching. The NCSC urged organisations of national significance to conduct proactive threat hunting, ensure edge devices are updated, and monitor network logs for unusual activity.
The UK was joined by agencies from twelve nations, including the United States, Australia, Canada, New Zealand, Germany, Italy, Japan, and Poland, in issuing the joint advisory. The report states that data stolen through the campaign could allow Chinese intelligence services to monitor communications and movements of targets worldwide.
The UK government has pointed to existing and forthcoming legislation as part of its defence posture, including the Telecommunications (Security) Act 2021 and the proposed Cyber Security and Resilience Bill. The NCSC also operates its Early Warning service, which provides notifications of vulnerabilities and potential intrusions to UK organisations free of charge.
The joint advisory can be read in full here.
China is a huge adversary, more so than Russia at the moment.
So much so we are allowing a “super embassy” to be built in London. Could not make it up could you?