The United Kingdom and a coalition of international partners have publicly identified three China-based technology companies as key enablers of a global cyber campaign targeting critical networks, including government and military systems. The findings were detailed in a new advisory issued by the National Cyber Security Centre (NCSC) — part of GCHQ — in coordination with cybersecurity agencies from twelve allied nations.
According to the NCSC, the three companies — Sichuan Juxinhe Network Technology Co Ltd, Beijing Huanyu Tianqiong Information Technology Co, and Sichuan Zhixin Ruijie Network Technology Co Ltd — form part of a wider commercial cyber ecosystem in China that operates in alignment with the country’s intelligence services. This network, which includes data brokers, information security firms, and hackers-for-hire, has been linked to malicious cyber campaigns compromising foreign governments and critical sectors across the globe since at least 2021.
The advisory states that the affected sectors include telecommunications, transportation, lodging, military infrastructure, and government organisations, with multiple incidents observed within the United Kingdom. The campaigns appear to overlap with previously reported activity known in the cybersecurity industry as Salt Typhoon. Data stolen through these operations, officials warn, could enable the Chinese intelligence apparatus to monitor and track global communications and movements.
NCSC experts noted that the attackers exploited publicly known software vulnerabilities rather than relying on advanced zero-day exploits or custom-built malware. This means many of the intrusions could have been prevented with timely system patching and better cyber hygiene practices. “We are deeply concerned by the irresponsible behaviour of the named commercial entities based in China that has enabled an unrestrained campaign of malicious cyber activities on a global scale,” said Dr Richard Horne, Chief Executive of the NCSC. “In the face of sophisticated threats, network defenders must proactively hunt for malicious activity and apply recommended mitigations.”
The NCSC and its partners are urging UK organisations in critical sectors to immediately review their networks, patch known vulnerabilities, and monitor for unusual activity using indicators of compromise outlined in the advisory. The agency also encouraged organisations to ensure that edge devices and externally facing systems are not exposed to known security flaws.
The joint advisory, co-signed by cybersecurity authorities from the United States, Australia, Canada, New Zealand, Japan, Germany, Finland, the Czech Republic, Italy, the Netherlands, Poland, and Spain, reflects a coordinated international response to rising cyber threats attributed to state-linked entities in China.
The UK government says the exposure of these operations underscores the need for stronger cybersecurity and data protection measures. Existing frameworks such as the Telecommunications (Security) Act 2021 have already enhanced resilience in high-risk sectors, and the forthcoming Cyber Security and Resilience Bill is expected to further bolster defences across essential public services.
Officials say the latest revelations reaffirm the importance of collective vigilance and rapid information-sharing among allies. The NCSC continues to provide guidance through its Early Warning service, offering free notifications about potential vulnerabilities and malicious activities affecting UK networks.
The advisory concludes with a stark warning: the fusion of commercial cyber expertise and state intelligence in China represents a persistent and evolving threat. Network defenders, it says, must not only patch known weaknesses but also anticipate the next wave of hybrid cyber operations that blend espionage, data theft, and influence tactics into a single, global strategy.
