The “significant threat” posed by Chinese and Russian hackers has contributed to a record number of serious online attacks, the UK’s cyber security agency has warned.
The National Cyber Security Centre (NCSC), which is part of the GCHQ intelligence agency, recorded a 50% increase in “highly significant” incidents in the year to the end of August.
The attacks on household names including Marks and Spencer, Co-op and Jaguar Land Rover have shown the real world impact of cyberattacks, the NCSC said.
As well as online criminals launching ransomware attacks to demand money from firms or individuals, the UK is also targeted by hostile states – either directly or through groups operating at arms-length from the authorities in Beijing, Moscow, Tehran and Pyongyang.
The NCSC’s annual review said: “State actors continue to present a significant threat to UK and global cyber security, aided by an evolving cyber intrusion sector.
“As threats intensified, our incident management team faced a record number of nationally significant incidents.”
The report said:
– China is a “highly sophisticated and capable threat actor, targeting a wide range of sectors and institutions across the globe, including the UK”.
– Russia is a “capable and irresponsible threat actor in cyberspace”, while pro-Moscow “hacktivist” groups operating outside formal state control are seeking to target the UK, Europe, US, and other Nato countries in retaliation for Western support for Ukraine and Israel.
– Iran’s activity has largely been focused in the Middle East but the NCSC assesses it is “highly likely” that UK entities could be potential targets for Tehran-linked hackers, following a US warning that Iranian state-sponsored or affiliated cyber activity could threaten critical infrastructure.
– North Korea’s “prolific and capable” hacking activity mainly seeks to raise revenue, to collect intelligence and to offset the impact of international sanctions, while undercover IT workers from Kim Jong Un’s country are “almost certainly” targeting UK firms by posing as third-country freelance staff.
In a speech on Tuesday to launch the annual review, NCSC chief Richard Horne will say: “We know that our adversaries are combining cyber means with physical methods in order to further their aims.
“Just last month, agencies from 13 nations came together to warn that three technology companies based in China have conducted a malicious global cyber campaign targeting critical networks on behalf of their host nation.”
As well as that warning in August this year, the NCSC and allies in September 2024 exposed a covert network operated by a China-linked company called Integrity Technology Group or Flax Typhoon, which had a botnet consisting of 260,000 compromised devices around the world.
