The UK National Cyber Security Centre (NCSC), part of GCHQ, along with partners from twelve countries, has publicly linked three China-based technology companies to a global malicious cyber campaign targeting critical networks and organisations.
The advisory, released Wednesday, highlights how these entities enabled sustained cyber activities against industries including government, telecommunications, transportation, lodging, and military infrastructure. Activity clusters have also been observed in the UK.
Technical Details and Attack Methods
The report describes how the attackers exploited known, unpatched vulnerabilities in widely used systems, rather than relying on new or bespoke malware. This approach gave them considerable success in infiltrating target networks, underscoring the risks posed by poor patch management.
The campaign overlaps with malicious activity previously tracked by the cybersecurity industry under the name Salt Typhoon. Data stolen in these intrusions can enable long-term tracking of communications and movements across targeted organisations.
Key vulnerabilities were often linked to edge devices and other publicly exposed infrastructure. According to the UK National Cyber Security Centre (NCSC), timely patching and proactive monitoring could have prevented many of these breaches.
Urgent Call for Defensive Measures
The UK National Cyber Security Centre (NCSC) urged organisations in nationally significant sectors to:
- Proactively hunt for signs of malicious activity.
- Apply security updates to systems and edge devices.
- Review logs for unusual patterns of behaviour.
- Implement mitigations based on published indicators of compromise (IoCs).
Dr Richard Horne, Chief Executive of the UK National Cyber Security Centre (NCSC), emphasised the importance of timely action: “It is crucial organisations in targeted critical sectors heed this international warning about the threat posed by cyber actors who have been exploiting publicly known – and so therefore fixable – vulnerabilities.”
Global Coordination on Cyber Resilience
The advisory was co-signed by cybersecurity agencies from the United States, Australia, Canada, New Zealand, Czech Republic, Finland, Germany, Italy, Japan, the Netherlands, Poland, and Spain, demonstrating a coordinated international response to the threat.
In addition to raising awareness, the advisory reinforces the need for organisations to strengthen defences as cyber attacks increasingly exploit avoidable weaknesses in infrastructure.
To support this effort, the UK National Cyber Security Centre (NCSC) offers its Early Warning service, which provides timely notifications about vulnerabilities and malicious activity affecting UK organisations. The service is available free of charge.
Named Entities
The three companies linked to the malicious campaign are:
- Sichuan Juxinhe Network Technology Co Ltd
- Beijing Huanyu Tianqiong Information Technology Co
- Sichuan Zhixin Ruijie Network Technology Co Ltd
According to the advisory, these firms form part of a broader commercial cyber ecosystem that supports sustained campaigns against critical networks.
Strengthening Defences
The announcement reinforces the need for robust cyber hygiene across critical industries. With attackers leveraging readily available exploits, security experts stress that organisations must prioritise:
- Routine patch management
- Vulnerability scanning
- Active threat hunting
- Continuous monitoring of exposed assets
As cyber campaigns grow in scale and sophistication, the joint advisory highlights the importance of global collaboration and proactive security practices to mitigate risks and protect essential services.
Also Read: Data I/O Ransomware Attack Disrupts Chip Programming Operations
