Chinese hackers are using everyday devices to hack UK firms, warns watchdog

British businesses are being urged to step up their vigilance against a China-linked hacking ploy that uses everyday devices for espionage.

The UK’s National Cyber Security Centre (NCSC) and agencies in nine other countries have warned of persistent attempts by Beijing-backed groups to hack equipment such as wifi routers to launch cyber-attacks.

Known as “covert networks” or “botnets”, they typically target vulnerable equipment – for instance devices that have not had a software update or are old – as a base for staging activities such as surveillance and data theft.

The NCSC said the technique was used by the majority of China-linked hackers. Richard Horne, the centre’s chief executive, said on Wednesday that China’s intelligence and military agencies had an “eye-watering level of sophistication in their cyber operations”. Speaking at his NCSC’s annual conference in Glasgow, he said: “We face more than just a capable cyber threat but a peer competitor in cyberspace.”

The advisory notice from the NCSC and cyber agencies in countries including the US, Australia, Canada and Germany warns there has been a “major shift” in Chinese tactics to using devices linked to the internet as a means of obscuring where an attack comes from. The most commonly hijacked devices are routers but printers and web cameras are also vulnerable.

Security officials compare routers to virtual private networks, which allow web users to obscure their location. They say a household’s wifi router could be used as a conduit for attacking an unrelated major company.

While the NCSC guidance is not directed at members of the public who might be unwittingly providing a launchpad for espionage, it urges companies and organisations to take a number of steps such as mapping out their IT systems, including connections to consumer broadband networks. It also recommends multifactor authentication – where users are asked to give another form of verification along with their password – for members of staff trying to access a system remotely. They also advise limiting network connections to external devices.

The centre said in the advisory notice published on Thursday: “The NCSC believes that the majority of China-nexus threat actors are using these networks, that multiple covert networks have been created and are being constantly updated, and that a single covert network could be being used by multiple actors. These networks are mainly made up of compromised small office home office routers, as well as internet of things [connected devices] and smart devices.”

A China-backed group, dubbed Volt Typhoon by western authorities, has been flagged by agencies as a user of covert networks and has quietly burrowed into key US infrastructure including rail, aviation and water systems. The NCSC said these covert networks were now built and maintained by private Chinese companies. In one example, a Chinese business created a covert network by infecting 200,000 devices worldwide.

This year, Google announced it had disrupted a “residential proxy” network where cybercrime groups and state actors used hacked household and IT devices to launch attacks.