Pelican Press, posted March 26, 2024

NCSC reaffirms guidance for those at risk of Chinese state hacking

The UK’s National Cyber Security Centre (NCSC) has reaffirmed its guidance for individuals considered at high risk of targeted hacking by Chinese state-backed threat actors, in particular APT31, which is today being sanctioned in both the UK and the US over hacking campaigns dating back over a decade.

The NCSC has issued multiple warnings concerning the activities of APT31 over the years, and has documented a number of ways in which China may attempt to exploit data gleaned from the systems of the Electoral Commission and its other victims. Besides large-scale espionage, these include the transnational repression of perceived dissidents and critics of China in the UK – likely including pro-democracy activists from Hong Kong, many of whom have sought and received asylum in the UK after being forced to leave their homes.

“The malicious activities we have exposed today are indicative of a wider pattern of unacceptable behaviour we are seeing from China state-affiliated actors against the UK and around the world,” said NCSC operations director Paul Chichester.

“The targeting of our democratic system is unacceptable and the NCSC will continue to call out cyber actors who pose a threat to the institutions and values that underpin our society,” he added.

“It is vital that organisations and individuals involved in our democratic processes defend themselves in cyber space and I urge them to follow and implement the NCSC’s advice to stay safe online,” said Chichester.

The NCSC has revised its online guidance for high-profile individuals, outlining key steps such people should be taking as a matter of course to render themselves a harder target for a threat actor of APT31’s ilk.
This guidance does not merely apply to politicians, but is equally useful to senior business leaders, and researchers and scientists, whose organisations may be at risk of industrial espionage, as well as activists, legal professionals and journalists.

It highlights the importance of protecting online accounts using strong passwords and multifactor authentication (MFA), and urges those at risk to review their overall use of social media and messaging apps, and their account privacy settings.

High-risk individuals should also get much better at updating their devices. Installing security updates promptly is one of the easiest ways to protect against a cyber attack, and the majority of mobile applications likely to be targeted by groups like APT31 should do this automatically. This ability, where offered, should be turned on. Users should also pay attention to where they are downloading applications from, making sure to use only official […] and Apple stores.

Users are also advised to protect physical access to their devices with passwords and PINs, and if they are iPhone users, to activate Apple’s Lockdown mode. They should also consider replacing older devices, which may be out of support.

If users suspect they are being targeted in this way, they should be particularly alert to suspicious emails, and avoid clicking on any links or replying until certain the comms are genuine. Nation-state advanced persistent threat (APT) actors have been known to impersonate trusted contacts to get information out of their targets, so verifying contacts is also important.

If a user clicks on a link, or thinks they have been hacked, they are advised not to panic and to report it immediately.
Living off the land

The UK’s latest action comes just days after the NCSC and its Five Eyes counterparts, including the US Cybersecurity and Infrastructure Security Agency (CISA), […], a Chinese state-backed APT actor that has been heavily targeting operators of critical national infrastructure.

This followed a previous warning in February, in which the Five Eyes agencies detailed how Volt Typhoon – and other state-backed APTs, not just Chinese ones – were exploiting existing, legitimate tools on victims’ networks as part of their cyber attack chains.

This tried-and-tested technique, which is widely referred to as living off the land, enables a threat actor to blend into “naturally occurring” traffic and operate discreetly without being detected. In this way, they can operate undetected until it is too late for the victim to do anything about it.

Toby Lewis, global head of threat analysis at […], said the 2023 attack on the Electoral Commission was a good example of a living-off-the-land incident, its attackers having lain undetected in its network for some time.

“This latest incident highlights how nation-state hackers are skilled at blending into normal network activity,” he told Computer Weekly. “The only initial indicator was a series of suspicious log-in events – there were no other overt signs of a cyber intrusion using traditional detection methods. This is a valuable reminder that we can no longer solely rely on hunting for known indicators from past attacks.”

[…] vice-president of threat intelligence, Don Smith, added: “Chinese state-sponsored cyber espionage is not a new threat. The UK and the US have been calling out these covert operations for several years now.
The purpose of cyber espionage from China’s point of view is to access information that will advance the People’s Republic of China’s agenda.

“[However], over the past couple of years, tired of having their operations rumbled and publicly outed, the Chinese have placed a growing emphasis on stealthy tradecraft in cyber espionage attacks. This is a change in MO from its previous ‘smash and grab’ reputation, but it is viewed by the Chinese as a necessary evolution to, one, make it harder to get caught and, two, make it nearly impossible to attribute an attack to them.

“Specifically, this has manifested itself in four key areas: obfuscated networks; living on the edge; living off the land; and living in the cloud. Combined, these tactics make identification of malicious activity harder, but more importantly make attribution more complicated,” he said.