Chinese tech companies linked with malicious cyber campaign

In a new advisory, the National Cyber Security Centre (NCSC) – itself a part of GCHQ – and international partners from 12 other nations has shared technical details about how malicious cyber activities linked with these China-based commercial entities have targeted nationally significant organisations around the world.

Since at least 2021, this activity has targeted organisations in critical sectors including Government, telecommunications, transportation, lodging and military infrastructure globally, with a cluster of activity observed in the UK.

Those activities described in the advisory partially overlap with campaigns previously reported by the cyber security industry, most commonly under the name Salt Typhoon. The data stolen through this activity can ultimately provide the Chinese intelligence services with the capability to identify and track targets’ communications and movements worldwide.

The advisory describes how the threat actors have enjoyed considerable success in taking advantage of known common vulnerabilities rather than relying on bespoke malware or ‘Zero Day’ vulnerabilities to carry out their activities, meaning that attacks via these vectors could have been avoided with timely patching.

Organisations of national significance in the UK are encouraged to proactively hunt for malicious activity and implement mitigative actions, including ensuring that edge devices are not exposed to known vulnerabilities and implementing regular security updates.

Irresponsible behaviour

NCSC CEO Dr Richard Horne observed: “We are deeply concerned by the irresponsible behaviour of the named commercial entities based in China that have enabled an unrestrained campaign of malicious cyber activities on a global scale. It’s crucial that organisations in targeted critical sectors heed this international warning about the threat posed by cyber actors who’ve been exploiting publicly known – and so therefore fixable – vulnerabilities.”

Horne continued: “In the face of sophisticated threats, network defenders must proactively hunt for malicious activity, as well as apply recommended mitigations based on indicators of compromise and regularly review network device logs for signs of any unusual activity.”

The UK has led globally in helping to improve cyber risk management with leading legislation including the Telecommunications (Security) Act 2021 and the associated Code of Practice, for which the NCSC has served as the technical authority.

Further, the Government’s forthcoming Cyber Security and Resilience Bill will strengthen the UK’s cyber defences, protecting the services upon which members of the public rely in order to go about their normal lives.

Range of guidance 

The NCSC and Government partners have previously warned about the growing range of cyber threats facing critical sectors and provide a range of guidance and resources to improve resilience.

For example, the NCSC’s Early Warning service provides timely notifications about potential security issues, including known vulnerabilities and malicious activities affecting users’ networks. All UK organisations can sign up to this free service.

The three China-based technology companies provide cyber-related services to the Chinese intelligence services and are part of a wider commercial ecosystem in China, which includes information security companies, data brokers and ‘hackers for hire’.

The NCSC has co-sealed this advisory alongside agencies from the United States, Australia, Canada, New Zealand, the Czech Republic, Finland, Germany, Italy, Japan, the Netherlands, Poland and Spain. Read the advisory in full at: https://media.defense.gov/2025/Aug/22/2003786665/-1/-1/0/CSA_COUNTERING_CHINA_STATE_ACTORS_COMPROMISE_OF_NETWORKS.PDF