China-linked hacking groups are responsible for a growing number of cyber attacks against the UK, the National Cyber Security Center (NCSC) has confirmed.
Paul Chichester, director of operations at the NCSC, said it recognizes that nation states such as China use cyberattacks as a tool to implement national strategy and national intelligence outputs.
According to NCSC annual reviewThe country “continues to be a highly skilled and capable threat actor” and targets a wide range of sectors and institutions around the world, including in the UK.
The warning came as government ministers wrote to the leaders hundreds of large enterprises urging them to take concrete measures to combat cyber threats.
Last year, the Five Eyes intelligence agencies, including the UK, uncovered Chinese company manages a malicious botnet of 260,000 devices.
In August, they warned that Chinese state-sponsored actors targets routers of large telecom providersand using infected devices to infiltrate other networks.
There are concerns that some nation states, including Russia, are “pre-positioning” cyber capabilities to attack critical infrastructure. “We absolutely recognize that there is a threat here,” Chichester said. “The conflict in Ukraine shows that Russia believes it can achieve its goals by destroying critical infrastructure.”
AI is a tool, not an existential threat
The NCSC also reported that hostile states are using artificial intelligence (AI) to improve the effectiveness and frequency of existing attack methods, but are not yet using the technology for new attacks.
Actors linked to China, Russia, Iran and North Korea are beginning to use large language models to evade detection, steal data, explore security vulnerabilities and develop social engineering to gain access to systems.
Over the past 18 months, researchers have identified new AI threats, including automated spear phishing campaigns, large language cloud model hacking, and data theft.
According to NCSC research, the most significant cyber developments in the field of artificial intelligence in the near future will involve the use of artificial intelligence to research vulnerabilities and develop exploits.
NCSC technical director Ollie Whitehouse said AI itself is used by attackers as a “natural means of enhancing productivity” and does not currently pose an “existential threat”.
Less experienced hackers use it to carry out more complex attacks, and existing attackers use it to carry out operations of greater scale and depth.
“You can think of AI as a tool to enhance the enemy's performance,” he said. “We see it in a wide range of possibilities, from using it to develop malware to trying to integrate it into certain capabilities to evade detection.”
Ransomware is the most pressing threat
For organizations in the UK, ransomware remains the biggest threat. Despite a spate of attacks on retailers this year, including Marks and Spencer, Co-op and Harrods, cybercriminals are taking an opportunistic approach and targeting organizations in any vulnerable sector.
Chichester said the NCSC reviews reports from businesses affected by ransomware every day. “Sadly, every morning we see organizations such as schools, charities, small businesses – the people and organizations that underpin economies and societies – just having a terrible day and having a very bad time,” he added.
The upcoming Cyber Security and Resilience Bill, which will require organizations providing key infrastructure, including data centers and managed service providers, to report cyber incidents within 24 hours and provide more detailed information within 72 hours, will improve resilience across the UK.
Richard Horne said it is critical that board members understand cybersecurity risks. “And I think it's not just about reporting, but it's also important to understand the urgency with which we need to act,” he added.
Horne's comments come as ministers write to corporate leaders asking them to step up security cooperation as cyber threats rise.
The letter calls on business leaders to “take concrete action” to manage cyber risks and strengthen their companies' defenses against attacks.
It warns that cyber activity in the UK has become “more intense, frequent and sophisticated” and has the potential to seriously disrupt organizations, impacting their workers and damaging their brand and profits.
