British Firms Urged to Boost Cybersecurity Against China-Linked Espionage
British businesses are being urged to enhance vigilance against a hacking strategy linked to China that exploits common devices for espionage purposes.
The UK’s National Cyber Security Centre (NCSC), along with cybersecurity agencies from nine other nations, has issued warnings about ongoing attempts by Beijing-backed groups to compromise equipment such as wifi routers to facilitate cyber-attacks.
These networks, often referred to as “covert networks” or “botnets,” generally target vulnerable devices, such as those that are outdated or lack recent software updates, to serve as platforms for activities including surveillance and data theft.
China-Linked Hackers Employ Sophisticated Techniques
The NCSC stated that this method is employed by the majority of hackers associated with China. Richard Horne, the centre’s chief executive, highlighted the advanced capabilities of China’s intelligence and military cyber operations. Speaking at the NCSC’s annual conference in Glasgow, he remarked:
“We face more than just a capable cyber threat but a peer competitor in cyberspace.”
International Advisory Highlights Shift in Chinese Cyber Tactics
The advisory notice, issued by the NCSC alongside agencies from countries including the US, Australia, Canada, and Germany, indicates a “major shift” in Chinese tactics toward leveraging internet-connected devices to mask the origin of attacks. The devices most frequently compromised are routers, although printers and web cameras are also susceptible.
Security experts liken routers to virtual private networks (VPNs), which enable web users to conceal their locations. They explain that a household’s wifi router can be exploited as a conduit for attacks targeting unrelated major organizations.
Guidance for Organizations to Mitigate Risks
While the NCSC’s guidance is not specifically aimed at members of the general public, who may unknowingly provide a launchpad for espionage, it urges companies and organizations to implement several measures. These include mapping their IT systems comprehensively, including connections to consumer broadband networks. The guidance also recommends multifactor authentication, which requires users to provide an additional form of verification alongside passwords, for staff accessing systems remotely. Furthermore, it advises limiting network connections to external devices.
The advisory notice published on Thursday states:
“The NCSC believes that the majority of China-nexus threat actors are using these networks, that multiple covert networks have been created and are being constantly updated, and that a single covert network could be being used by multiple actors. These networks are mainly made up of compromised small office home office routers, as well as internet of things [connected devices] and smart devices.”
Notable Threat Actors and Infrastructure Targets
A China-backed group, identified by Western authorities as Volt Typhoon, has been highlighted as a user of covert networks and has infiltrated critical US infrastructure sectors including rail, aviation, and water systems. The NCSC noted that these covert networks are now constructed and maintained by private Chinese companies. In one instance, a Chinese firm created a covert network by infecting 200,000 devices globally.
Earlier this year, Google announced the disruption of a “residential proxy” network in which cybercrime groups and state actors exploited hacked household and IT devices to conduct attacks.






