UK and allies link China-based firms to global cyber campaign

NCSC says firms tied to malicious operations linked to Salt Typhoon

The UK and 12 international allies have linked three China-based technology companies to a long-running cyber campaign that has targeted governments and critical infrastructure around the world.

In a joint advisory published on Wednesday, the National Cyber Security Centre (NCSC) – part of GCHQ – and partner agencies detailed how the firms are tied to malicious cyber operations dating back to at least 2021. The activity has affected sectors including government, telecommunications, transport, lodging and military infrastructure, with incidents observed in the UK.

According to the NCSC, the operations are connected to a commercial cyber ecosystem in China with links to the country’s intelligence services. The advisory overlaps with activity previously tracked by the cybersecurity industry under the name Salt Typhoon.

China-linked firms behind long-running cyber campaign

The three companies named are Sichuan Juxinhe Network Technology Co Ltd, Beijing Huanyu Tianqiong Information Technology Co and Sichuan Zhixin Ruijie Network Technology Co Ltd.

The advisory warns that data obtained through the campaigns could allow Chinese intelligence services to identify and track communications and movements worldwide.

Unlike some state-linked campaigns that use bespoke malware or zero-day exploits, the actors in this case have had “considerable success” exploiting known and avoidable vulnerabilities. The advisory emphasises that timely patching and ensuring edge devices are secured could have prevented many of the intrusions.

NCSC urges organisations to patch and monitor for threats

NCSC chief executive Dr Richard Horne said the behaviour of the companies was enabling “an unrestrained campaign of malicious cyber activities on a global scale”. He urged organisations in targeted sectors to heed the warning, hunt for malicious activity proactively and apply mitigations such as reviewing logs for unusual behaviour and patching vulnerable systems.

The UK government has highlighted its efforts to strengthen national cyber-resilience, pointing to the Telecommunications (Security) Act 2021 and the forthcoming Cyber Security and Resilience Bill, which is expected to expand protections for critical services.

The advisory was issued alongside agencies from the United States, Australia, Canada, New Zealand, Czech Republic, Finland, Germany, Italy, Japan, the Netherlands, Poland and Spain.