China state-sponsored actors target networks globally

9:00am, 28 August 2025

TLP Rating: Clear

What's happening

Systems affected

People’s Republic of China (PRC) state-sponsored cyber threat actors are targeting networks globally, including but not limited to telecommunications, government, transportation, lodging, and military infrastructure networks.  

While these actors focus on large backbone routers of major telecommunications providers, as well as provider edge (PE) and customer edge (CE) routers, they also leverage compromised devices and trusted connections to pivot into other networks. These actors often modify routers to maintain persistent, long-term access to networks. 

What this means

The data stolen through this activity against foreign telecommunications and internet service providers (ISPs), as well as intrusions in the lodging and transportation sectors, ultimately can provide Chinese intelligence services with the capability to identify and track their targets’ communications and movements around the world.

What to look for

How to tell if you're at risk

Investigations associated with these APT actors indicate that they are having considerable success exploiting publicly known common vulnerabilities and exposures (CVEs) and other avoidable weaknesses within compromised infrastructure. 

Exploitation of zero-day vulnerabilities has not been observed to date. The APT actors will likely continue to adapt their tactics as new vulnerabilities are discovered and as targets implement mitigations, and will likely expand their use of existing vulnerabilities.

What to do

Prevention

We encourage network defenders of critical infrastructure organisations, especially telecommunications organisations, to perform threat hunting, and, when appropriate, incident response activities.

If malicious activity is suspected or confirmed, organisations should consider all mandatory reporting requirements to relevant agencies and regulators under applicable laws and regulations, and any additional voluntary reporting to appropriate agencies, such as cyber security or law enforcement agencies who can provide incident response guidance and assistance with mitigation.

More information

Download the advisory

This advisory has been jointly published by the:

  • United States National Security Agency (NSA)
  • United States Cybersecurity and Infrastructure Security Agency (CISA)
  • United States Federal Bureau of Investigation (FBI)
  • United States Department of Defense Cyber Crime Center (DC3)
  • Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC)
  • Canadian Centre for Cyber Security (Cyber Centre)
  • Canadian Security Intelligence Service (CSIS)
  • New Zealand National Cyber Security Centre (NCSC-NZ)
  • United Kingdom National Cyber Security Centre (NCSC-UK)
  • Czech Republic National Cyber and Information Security Agency (NÚKIB)
  • Finnish Security and Intelligence Service (SUPO)
  • Germany Federal Intelligence Service (BND)
  • Germany Federal Office for the Protection of the Constitution (BfV)
  • Germany Federal Office for Information Security (BSI)
  • Italian External Intelligence and Security Agency (AISE)
  • Italian Internal Intelligence and Security Agency (AISI)
  • Japan National Cyber Office (NCO)
  • Japan National Police Agency (NPA)
  • Netherlands General Intelligence and Security Service (AIVD)
  • Polish Military Counterintelligence Service (SKW)
  • Polish Foreign Intelligence Agency (AW)
  • Spain National Intelligence Centre (CNI)