China and Russia posing ‘significant threat’ to UK in cyberspace, NCSC warns

The “significant threat” posed by Chinese and Russian hackers has contributed to a record number of serious online attacks, the UK’s cyber security agency has warned.

The National Cyber Security Centre (NCSC), which is part of the GCHQ intelligence agency,  recorded a 50% increase in “highly significant” incidents in the year to the end of August.

The attacks on household names including Marks and Spencer, Co-op and Jaguar Land Rover have shown the real world impact of cyberattacks, the NCSC said.

As well as online criminals launching ransomware attacks to demand money from firms or individuals, the UK is also targeted by hostile states – either directly or through groups operating at arms-length from the authorities in Beijing, Moscow, Tehran and Pyongyang.

The NCSC’s annual review said: “State actors continue to present a significant threat to UK and global cyber security, aided by an evolving cyber intrusion sector.

“As threats intensified, our incident management team faced a record number of nationally significant incidents.”

The report said:

– China is a “highly sophisticated and capable threat actor, targeting a wide range of sectors and institutions across the globe, including the UK”.

– Russia is a “capable and irresponsible threat actor in cyberspace”, while pro-Moscow “hacktivist” groups operating outside formal state control are seeking to target the UK, Europe, US, and other Nato countries in retaliation for Western support for Ukraine and Israel.

– Iran’s activity has largely been focused in the Middle East but the NCSC assesses it is “highly likely” that UK entities could be potential targets for Tehran-linked hackers, following a US warning that Iranian state-sponsored or affiliated cyber activity could threaten critical infrastructure.

– North Korea’s “prolific and capable” hacking activity mainly seeks to raise revenue, to collect intelligence and to offset the impact of international sanctions, while undercover IT workers from Kim Jong Un’s country are “almost certainly” targeting UK firms by posing as third-country freelance staff.

In a speech on Tuesday to launch the annual review, NCSC chief Richard Horne will say: “We know that our adversaries are combining cyber means with physical methods in order to further their aims.

“Just last month, agencies from 13 nations came together  to warn that three technology companies based in China have conducted a malicious  global cyber campaign targeting critical networks on behalf of their host nation.”

As well as that warning in August this year, the NCSC and allies in September 2024 exposed a covert network operated by a China-linked company called Integrity Technology Group or Flax Typhoon, which had a botnet consisting of 260,000 compromised devices around the world.

The NCSC’s report comes with the risk posed by China to the UK under intense political scrutiny following the collapse of an alleged spying case and with a ruling due on Beijing’s application to build a massive new embassy in the heart of London.

The NCSC report warned that hackers – including those with links to Beijing – were using artificial intelligence (AI) to improve the potency of their attacks.

“Actors linked to China, Russia, Iran and the DPRK are using large language models to evade detection, support reconnaissance, process exfiltrated data, access systems through social engineering, and support vulnerability research and exploit development,” the NCSC warned.

In the year to the end of August, NSCS provided support in 429 cases, of which 204 were deemed “nationally significant incidents” – an increase from 89 in the previous 12 months.

Of those, 18 were categorised as “highly significant”, meaning they had a serious impact on government, essential services, the economy or a large proportion of the UK population.

Urging firms to act to bolster their cyber security, Mr Horne will say the gap between the “rising pace of the cyber threat” and the UK’s “collective resilience” continues to grow.

He will tell bosses: “The time to act is now.

“Over the past few weeks and months  we have seen household names impacted by cyber incidents across all sectors of the economy, from retail to manufacturing and transport.

“And those are just the incidents that have made the headlines.”