Thrive UK
Caught in China’s Cyber Crosshairs: How Your Business Might Be Exposed
For mid-size British businesses, the cyber threat landscape has become a minefield in recent years. We have already reported on state-sponsored threats to private companies and public services. This year’s massive cyber attack on London National Health Service (NHS) hospitals by a Russian ransomware group, carried out through a hack into the NHS supply chain, caused hundreds of operations to be cancelled, created a need to find emergency blood supplies, and forced IT systems to be suspended, leading to the manual processing of patients.
While criminal hackers and financially motivated cybercrime groups have long plagued companies from known sources, a new and even more alarming threat has emerged: state-sponsored hacking operations backed by the Chinese government.
Recent developments have shed light on the sophisticated and persistent efforts by Chinese hackers to compromise systems, steal data, and even interfere with democratic processes across the UK and its allies. No business is immune, no matter its size or sector, so in this article, we’ll explain how you can protect your business from this imminent threat.
Investigated by the NCSC
In March 2024, the UK government took the bold step of publicly calling out China for two major cyber campaigns targeting British democratic institutions and Members of Parliament. As revealed by the National Cyber Security Centre (NCSC), a Chinese state-affiliated group gained widespread access to the systems of the Electoral Commission between 2021 and 2022, potentially exposing data on a whopping 40 million Britons on the electoral register. In a separate campaign in 2021, the same Chinese hacking group carried out reconnaissance against British Members of Parliament, particularly those outspokenly critical of Chinese government policies.
These were by no means isolated cases but rather represent, according to the Foreign Office, “part of a large-scale espionage campaign” by China. These revelations were supported by allies: the United States announced criminal charges against Chinese hackers, and partners across Europe and the Indo-Pacific condemned Beijing’s malicious cyber activity.
Newly discovered malware
One particularly sly tactic Chinese threat groups use is exploiting the trusted relationships and supply chains of the targeted organisations. CrowdStrike’s Global Threat Report assessed that Chinese threat actors known as “Jackpot Panda” and “Cascade Panda” “consistently exploited trusted relationships through supply chain compromises and actor-on-the-side or actor-in-the-middle attacks.” By hijacking software updates or compromising close third-party vendors, these groups can quickly gain clandestine access and deploy malware inside a victim’s network.
For example, Jackpot Panda was found to have “trojanised” installers for legitimate Chinese software to deploy its malware. Similarly, Cascade Panda intercepted update traffic from commonly used software utilities to install its WinDealer remote access tool on systems belonging to Chinese-speaking targets. Even little-known groups potentially linked to Beijing pulled off supply chain attacks, such as compromising Indian (among other) critical infrastructure with a cybersecurity vendor, I-Soon, distributing malware via its software updates across multiple sectors, affecting users across the globe.
Three ways your company could find itself in the firing line
While the Chinese government’s motivations may usually be centred on gathering intelligence (mainly for monitoring dissidents), UK companies could easily get caught in the crosshairs. Firstly, they represent a treasure trove of intellectual property, research, customer data, and other sensitive information crucial to Beijing’s strategic interests and economic leverage. The Chinese military policy of “civil-military fusion” blurs any remaining lines between the private sector and state assets.
Secondly, British firms are deeply embedded in the same supply chains, software ecosystems, and trusted vendor relationships that Chinese hackers are actively exploiting as vectors for initial access. After all, in such an interconnected business environment, a company’s cybersecurity posture is only as strong as its weakest link. Threat actors have demonstrated a keen ability to methodically map out these interdependencies and pounce when the opportunity presents itself.
Finally, UK businesses like yours should be prepared for the potential collateral damage and interruptions caused by Chinese cyber operations, even when those operations are not directly targeted at them. The data thieves’ campaigns highlighted above directly interfered with the IT systems of government bodies responsible for administering elections and democratic processes in Britain. So, any company’s operations could halt if its technologies or data flows intersect with compromised systems.
How can you shield your business?
In the face of this daunting threat from a competent nation-state adversary, mid-size UK businesses must boost their cyber defences and resilience. A proactive, comprehensive cybersecurity strategy centred around advanced threat detection capabilities is essential. Implementing strong access controls such as multi-factor authentication, tight identity management, and encryption, and vetting the cybersecurity practices of third-party vendors, can all reduce risk exposure.
However, even the most robust technical controls have limits against skilled, determined, and infinitely meticulous nation-state attackers like China’s hacker groups. Businesses require professional cybersecurity monitoring services, threat-hunting experts, and incident response capabilities to identify and neutralise intrusion attempts quickly. For this reason, continuous security awareness training to educate employees on the latest tactics, like supply chain compromises, is also critical.
Take protective steps now
As the UK government has demonstrated with its recent actions, exposing and holding malicious Chinese cyber criminals accountable is a priority for preserving our national security and democratic values. Businesses must follow suit and implement comprehensive defences against this looming threat. Unfortunately, failing to do so risks surrendering your organisation’s most valuable data, suffering crippling interruptions, or unwittingly aiding and abetting Beijing’s authoritarian projects. Now is the time to get ahead of those jeopardising UK companies – before a rocky cyber stance becomes a devastating crisis for your company.
Don’t hesitate to contact Thrive today to learn more about nation-state threat detection and mitigation strategies tailored to mid-market UK businesses. Protecting your organisation from state-backed cyber campaigns demands the vigilance and expertise that our experienced team can provide you with every step of the way.