The UK’s cyber security agency has issued a stark warning regarding a record surge in serious online attacks, attributing the “significant threat” to Chinese and Russian hackers.
The National Cyber Security Centre (NCSC), a division of GCHQ, reported a 50 per cent increase in “highly significant” incidents over the year ending August. This rise underscores the tangible impact of cyberattacks, as evidenced by breaches affecting major British brands such as Marks and Spencer, Co-op, and Jaguar Land Rover.
As well as online criminals launching ransomware attacks to demand money from firms or individuals, the UK is also targeted by hostile states – either directly or through groups operating at arms-length from the authorities in Beijing, Moscow, Tehran and Pyongyang.
The NCSC’s annual review said: “State actors continue to present a significant threat to UK and global cyber security, aided by an evolving cyber intrusion sector.
“As threats intensified, our incident management team faced a record number of nationally significant incidents.”
The report said:
– China is a “highly sophisticated and capable threat actor, targeting a wide range of sectors and institutions across the globe, including the UK”.
– Russia is a “capable and irresponsible threat actor in cyberspace”, while pro-Moscow “hacktivist” groups operating outside formal state control are seeking to target the UK, Europe, US, and other Nato countries in retaliation for Western support for Ukraine and Israel.
– Iran’s activity has largely been focused in the Middle East but the NCSC assesses it is “highly likely” that UK entities could be potential targets for Tehran-linked hackers, following a US warning that Iranian state-sponsored or affiliated cyber activity could threaten critical infrastructure.
– North Korea’s “prolific and capable” hacking activity mainly seeks to raise revenue, to collect intelligence and to offset the impact of international sanctions, while undercover IT workers from Kim Jong Un’s country are “almost certainly” targeting UK firms by posing as third-country freelance staff.
In a speech on Tuesday to launch the annual review, NCSC chief Richard Horne will say: “We know that our adversaries are combining cyber means with physical methods in order to further their aims.
“Just last month, agencies from 13 nations came together to warn that three technology companies based in China have conducted a malicious global cyber campaign targeting critical networks on behalf of their host nation.”
As well as that warning in August this year, the NCSC and allies in September 2024 exposed a covert network operated by a China-linked company called Integrity Technology Group or Flax Typhoon, which had a botnet consisting of 260,000 compromised devices around the world.
The NCSC’s report comes with the risk posed by China to the UK under intense political scrutiny following the collapse of an alleged spying case and with a ruling due on Beijing’s application to build a massive new embassy in the heart of London.
The NCSC report warned that hackers – including those with links to Beijing – were using artificial intelligence (AI) to improve the potency of their attacks.
“Actors linked to China, Russia, Iran and the DPRK are using large language models to evade detection, support reconnaissance, process exfiltrated data, access systems through social engineering, and support vulnerability research and exploit development,” the NCSC warned.
In the year to the end of August, NSCS provided support in 429 cases, of which 204 were deemed “nationally significant incidents” – an increase from 89 in the previous 12 months.
Of those, 18 were categorised as “highly significant”, meaning they had a serious impact on government, essential services, the economy or a large proportion of the UK population.
Urging firms to act to bolster their cyber security, Mr Horne will say the gap between the “rising pace of the cyber threat” and the UK’s “collective resilience” continues to grow.
He will tell bosses: “The time to act is now.
“Over the past few weeks and months we have seen household names impacted by cyber incidents across all sectors of the economy, from retail to manufacturing and transport.
“And those are just the incidents that have made the headlines.”
