NCSC joins partners to issue warning about China state-sponsored cyber activity targeting CNI networks

The UK and agencies in the US, Australia, Canada and New Zealand have issued new advice to help organisations detect China state-sponsored activity being carried out against critical national infrastructure networks.

In the new joint advisory, the National Cyber Security Centre – a part of GCHQ – alongside international partners highlights how recent activity has targeted networks across critical infrastructure sectors in the US and how the same techniques could be applied worldwide.

The actor has been observed taking advantage of built-in network administration tools on targets’ systems to evade detection after an initial compromise.

The advisory provides technical indicators of compromise and examples of techniques deployed by the actor to help network defenders identify the malicious activity.

Paul Chichester, NCSC Director of Operations, said: “It is vital that operators of critical national infrastructure take action to prevent attackers hiding on their systems, as described in this joint advisory with our international partners.

“We strongly encourage providers of UK essential services to follow our guidance to help detect this malicious activity and prevent persistent compromise.”

Sylvain Cortes, VP Strategy at Hackuity, commented: “Persistent threat actors such as ‘Volt Typhoon’, which have been acting against critical national infrastructure since 2021 according to Microsoft, thrive on the exploitation of zero-day vulnerabilities and the lack of knowledge around them.

“There are a variety of reasons for nation-state driven attacks such as ‘Volt Typhoon’, but mainly their attacks are designed to cause minimum noise and maximum disruption, until it’s too late and an attack is fully underway.

“To maximise preventative measures, organisations must develop a routine of vulnerability scanning to stay one step ahead of attackers. What’s more, running standard audits of your internal system to locate critical access points in a timely manner will increase your chances of spotting unusual activity among your users.”
