GCHQ warns of fresh threat from Chinese state-sponsored hackers

National Cyber Security Centre urges operators of critical national infrastructure to prevent hacks

The UK’s cybersecurity agency has urged operators of critical national infrastructure, including energy and telecommunications networks, to prevent Chinese state-sponsored hackers from hiding on their systems.

The National Cyber Security Centre, part of GCHQ, issued the warning after it emerged that a Chinese hacking group known as Volt Typhoon had targeted a US military outpost in the Pacific Ocean.

The so-called Five Eyes intelligence group – the US, the UK, Australia, Canada and New Zealand – issued a joint notice detailing the nature of the Volt Typhoon threat and how to deal with it.

Microsoft said in a separate statement on Thursday that Volt Typhoon had been active since mid-2021 and had targeted telecommunications infrastructure in Guam, an island hosting a US military facility that is expected to play an important role in any American response to an invasion by China of Taiwan.

It said organisations had also been targeted in the US, spanning sectors including communications, manufacturing, government, IT and education.

Paul Chichester, the NCSC’s director of operations, said: “It is vital that operators of critical national infrastructure take action to prevent attackers hiding on their systems, as described in this joint advisory with our international partners.

“We strongly encourage providers of UK essential services to follow our guidance to help detect this malicious activity and prevent persistent compromise.”

One of Volt Typhoon’s key tactics was described as “living off the land”, or using the existing IT infrastructure of their target to achieve their aims. The joint advisory provided examples of traces left by Volt Typhoon in organisations’ systems, so its presence could be detected. The hackers used a “web shell”, a piece of malicious code that allows rogue actors to access a web server – and then used that as a way in to connected systems.

Secureworks, a US cybersecurity company that contributed to the advisory notice, said Chinese hackers tended to share their techniques with other China-based groups and that similar techniques would be deployed against UK targets.

“It is likely that Chinese threat groups will be using similar tradecraft against targets in the UK,” said Marc Burnard, a researcher at Secureworks. Don Smith, vice-president of threat research at Secureworks, said the method used by the attackers was akin to “having an evil system administrator on your system”.

Secureworks said the Chinese attackers targeting US infrastructure had been interested in data “of use to Chinese interests” and that the attacks were an attempt to secure “long term strategic intelligence gain.”


Dan Milmo Global technology editor

The GuardianTramp
