Advancing UK Aerospace, Defence, Security & Space Solutions Worldwide
  • Home
  • /
  • Security
  • /
  • NCSC and partners issue alert about China state-sponsored cyber attacks

Security

NCSC and partners issue alert about China state-sponsored cyber attacks

The UK and international allies have issued a new alert which shines a light on how China state-sponsored actors have evolved their techniques for launching cyber attacks.

Above: The National Cyber Security Centre (NCSC), Nova South, London.
Image by Simona Flamigni / copyright Shutterstock

The National Cyber Security Centre – a part of GCHQ – has issued an advisory alongside partners in Australia, the US, Canada, New Zealand, Germany, the Republic of Korea and Japan, focusing on how one China state-sponsored cyber actor has carried out attacks against Australian networks.

Advertisement
DSEI 2025

The threat group APT40 has embraced the trend of exploiting vulnerable small-office and home-office (SoHo) devices as a launching pad for attacks. These devices are softer targets when they are not running the latest software, or are no longer supported with security updates and they more easily conceal malicious traffic.

Two technical case studies showing how these techniques are deployed have been shared to help network defenders identify this malicious activity, which is also used regularly worldwide – including by other China state-sponsored actors.

The UK has previously attributed APT40 as being part of the Chinese Ministry of State Security. Defenders are encouraged to follow the latest advice to help detect and mitigate the malicious activity.

Advertisement
ODU RT

The publication of this advisory follows a warning made by the Director of GCHQ in May about the “genuine and increasing cyber risk to the UK” posed by China.   

The advisory, titled 'PRC MSS tradecraft in action', has been co-sealed by the NCSC, the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), the US Cybersecurity and Infrastructure Security Agency (CISA), the US National Security Agency (NSA), the US Federal Bureau of Investigation (FBI), the Canadian Cyber Security Centre (CCCS), the New Zealand National Cyber Security Centre (NCSC-NZ), the German Federal Intelligence Service (BND), the Republic of Korea’s National Intelligence Service (NIS) and NIS’ National Cyber Security Center, and Japan’s National Center of Incident Readiness and Strategy for Cybersecurity (NISC) and National Police Agency (NPA).

It can be read on the ACSC website.

Advertisement
Cranfield University
G4S awarded contract to secure Sizewell C project

Security

G4S awarded contract to secure Sizewell C project

15 May 2025

G4S has been awarded the contract as the principal security provider for Sizewell C, the new 3.2GW nuclear power station under construction on the Suffolk coast.

Report warns AI threats increasing cyber risk

Security

Report warns AI threats increasing cyber risk

12 May 2025

Over the next two years, a growing divide will emerge between organisations that can keep pace with AI-enabled threats and those that fall behind – exposing them to greater risk and intensifying the overall threat to the UK’s digital infrastructure, cyber chiefs have warned.

UK pioneering global move away from passwords

Security

UK pioneering global move away from passwords

8 May 2025

The UK government is set to roll out passkey technology for its digital services later this year as an alternative to the current SMS-based verification system, offering a more secure and cost-effective solution that could save several million pounds annually.

Smiths Detection to deliver checkpoint screening at DXB

Aerospace Security

Smiths Detection to deliver checkpoint screening at DXB

8 May 2025

Smiths Detection has been awarded a contract by Dubai Aviation Engineering Projects (DAEP) to deliver state-of-the-art checkpoint screening solutions across all terminals at Dubai International Airport (DXB).

Advertisement
DSEI 2025
IFS launches Nexus Black

Aerospace Security

IFS launches Nexus Black

8 May 2025

IFS has launched Nexus Black, a strategic innovation programme to expedite high-impact AI adoption for industrial organisations.

Gama Aviation to utilise ELMS Aviation

Aerospace Security

Gama Aviation to utilise ELMS Aviation's employee management solution

7 May 2025

Gama Aviation has signed a new long-term agreement with ELMS Aviation, utilising the company’s powerful personnel competence and compliance platform to support the global expansion of the business.

Advertisement
DSEI 2025