UK and US Hold Three Chinese Tech Companies Accountable for Global Cyberattacks

A coalition of international cybersecurity organizations, spearheaded by the UK’s National Cyber Security Centre (NCSC), has publicly implicated three technology firms based in China in a sustained global cyberattack campaign.

In a recent advisory, the NCSC and partners from twelve nations—including the United States, Australia, Canada, New Zealand, Czech Republic, Finland, Germany, Italy, Japan, the Netherlands, Poland, and Spain—provided technical insights into a campaign that has been compromising critical infrastructure since at least 2021.

The cyber intrusions have affected numerous prominent organizations across various sectors, including government, telecommunications, transportation, and military infrastructure. The information siphoned during these attacks poses a potential risk: it could equip Chinese intelligence with the tools necessary to monitor global communications and movements.

An Unrestrained Campaign

According to the advisory, the implicated companies—Sichuan Juxinhe Network Technology Co Ltd, Beijing Huanyu Tianqiong Information Technology Co, and Sichuan Zhixin Ruijie Network Technology Co Ltd—are believed to be linked to China’s intelligence operations, primarily providing cyber services. NCSC CEO Dr. Richard Horne expressed alarm over this extensive “campaign of malicious cyber activities globally.” This effort has been associated with a group colloquially identified as Salt Typhoon, among others.

Significantly, a press release from the US National Security Agency highlighted that the attackers have exploited existing vulnerabilities rather than employing sophisticated new techniques. Vulnerable devices from major vendors, such as Ivanti and Palo Alto Networks, have been targeted, indicating that many of these breaches could have been prevented with timely security updates. The intruders used well-known exploits, which points to an alarming trend of inattention to established security protocols.

What Organizations Can Do

In light of the gravity of these threats, the advising agencies strongly recommend that organizations take immediate, proactive measures to identify and mitigate malicious activity within their networks. They underscore the need to understand the attackers’ presence thoroughly before initiating removal efforts, so that the attackers are completely eradicated from the system. Organizations are also urged to properly secure internet-facing devices and to apply all available security updates. Vigilance and routine system evaluations for anomalous behavior are essential for network defense, as Dr. Horne emphasized.

Expert Analysis

John Hultquist, Chief Analyst at Google’s Threat Intelligence Group, shared insights on the threat, emphasizing that the attackers possess a distinct advantage in evading detection due to their expertise in telecommunications systems. He noted that Chinese cyber espionage benefits from a network of contractors and academics who facilitate the creation of tools and execution of attacks, allowing operations to expand to unprecedented levels.

Hultquist also pointed out that the targeting of the hospitality and transportation sectors may indicate a strategy beyond corporate espionage, suggesting an intention to surveil individuals closely, thereby constructing comprehensive profiles of communication patterns and travel behaviors.
