UK businesses and organisations in critical sectors have been warned to take steps to protect themselves against Chinese hackers as three China-based technology companies were accused of being linked to global cyber attacks.
The National Cyber Security Centre, which is part of GCHQ, is among security bodies from 13 countries to issue warnings that organisations in crucial sectors should “proactively hunt” for activity by Chinese hackers and patch up weaknesses.
Authorities say that the attackers behind a campaign targeting foreign governments and key services including telecoms have taken advantage of known common vulnerabilities, rather than using malware or exploiting previously undetected weaknesses.
🚨NEW: The NCSC and international partners are urging network defenders in targeted critical sectors to strengthen their cyber security in response to activity linked to three China-based commercial entities exploiting known vulnerabilities.https://t.co/lpLpXdcYhS
— NCSC UK (@NCSC) August 27, 2025
A security advisory issued on Wednesday named three China-based tech firms that have been claimed to provide cyber-related services to Chinese state intelligence.
They are said to be linked to global activity that has targeted governments, telecoms, transport and military infrastructure since 2021, including “a cluster of activity in the UK”.
It includes attacks referred to as Salt Typhoon, which US authorities said had given Beijing access to the private texts and phone conversations of an unknown number of Americans.
The firms are: Sichuan Juxinhe Network Technology Co Ltd, Beijing Huanyu Tianqiong Information Technology Co Ltd, and Sichuan Zhixin Ruijie Network Technology Co Ltd.
NCSC chief executive Dr Richard Horne said: “We are deeply concerned by the irresponsible behaviour of the named commercial entities based in China that has enabled an unrestrained campaign of malicious cyber activities on a global scale.
“It is crucial organisations in targeted critical sectors heed this international warning about the threat posed by cyber actors, who have been exploiting publicly known – and so therefore fixable – vulnerabilities.
“In the face of sophisticated threats, network defenders must proactively hunt for malicious activity, as well as apply recommended mitigations based on indicators of compromise and regularly review network device logs for signs of unusual activity.”
