From:
Foreign, Commonwealth & Development Office gov.uk
Published
9 December 2025
Two tech companies based in China have been sanctioned for reckless and indiscriminate cyberattacks
Sichuan Anxun Information Technology Co. Ltd (known as i-Soon) for targeting over 80 government and private industry IT systems across the world, and for supporting others planning to carry out malicious cyber activity.
Integrity Technology Group Incorporated (known as Integrity Tech) for controlling and managing a covert cyber network and providing technical assistance for others to carry out cyberattacks. Targets have included UK public sector IT systems.
I-Soon and Integrity Tech are examples of the threat posed by the cyber industry in China, which includes information security companies, data brokers (that collect and sell personal data), and ‘hackers for hire’. Some of these companies provide cyber services to the Chinese intelligence services.
The UK’s National Cyber Security Centre (NCSC) assesses that it is almost certain that this ‘ecosystem’ or complex network of private sector actors, supports Chinese state-linked cyber operations.
The announcement follows the August 2025 exposure by the UK and international partners of three China-based companies linked to the cyber-espionage campaign known as SALT TYPHOON. Combined, they highlight the vast scale of cyberattacks by China-based companies targeting governments, telecommunications, military institutions, and public services worldwide.
These cyberattacks from unrestrained actors in China go against agreed UN cyber principles. The measures announced today are designed to reduce the risk of such threats to the UK’s security and broader international stability.
As the Prime Minister set out recently in a speech at the Guildhall, protecting our security is non-negotiable and the first duty of the government. The UK recognises that China poses a series of threats to UK national security. China is also a fellow permanent member of the UN Security Council, the world’s second largest economy and a nuclear power which has delivered almost a third of global economic growth over the past decade. We challenge threats robustly, enabling us to pursue cooperation where it is in our interest.
Notes to Editors
In August 2025, the UK alongside 12 other countries co-sealed a cyber security advisory linking China-based technology companies to some of the activities associated with a China state-affiliated APT group (commonly known as SALT TYPHOON). These companies are: Sichuan Juxinhe Network Technology Co. Ltd, Beijing Huanyu Tianqiong Information Technology Co., and Sichuan Zhixin Ruije Network Technology Co. Ltd.
This activity targeted governments, telecommunications, transportation, and military infrastructure globally, and sought to provide Chinese intelligence services with the capability to identify and track targets’ communications and movements worldwide.
Together with France, the UK continues to lead the Pall Mall Process, an international initiative which seeks to establish a framework for responsible behaviour for those involved in the rapidly growing market in commercial cyber intrusion capabilities.
The UK has consistently promoted the UN normative framework for responsible state behaviour in cyberspace. The UK remains the first and only country to publish guidelines for its National Cyber Force detailing the principles that we adhere to. We firmly believe that states should use cyber capabilities in a responsible manner, whether commercial or otherwise.
ncsc.gov.uk The NCSC and international partners share technical details of malicious activities and urge organisations to take mitigative actions.
GCHQ’s National Cyber Security Centre and international partners link three China-based companies to campaign targeting foreign governments and critical networks.
Commercial cyber ecosystem with links to the Chinese intelligence services has enabled global malicious activity.
New advisory supports UK organisations in critical sectors bolster their security against China state-sponsored cyber activity
Network defenders urged to proactively hunt for activity and take steps to mitigate threat from attackers exploiting avoidable weaknesses
The UK and international allies have today (Wednesday) publicly linked three technology companies based in China with a global malicious cyber campaign targeting critical networks.
In a new advisory published today, the National Cyber Security Centre (NCSC) – a part of GCHQ - and international partners from twelve other countries have shared technical details about how malicious cyber activities linked with these China-based commercial entities have targeted nationally significant organisations around the world.
Since at least 2021, this activity has targeted organisations in critical sectors including government, telecommunications, transportation, lodging, and military infrastructure globally, with a cluster of activity observed in the UK.
The activities described in the advisory partially overlaps with campaigns previously reported by the cyber security industry most commonly under the name Salt Typhoon.
The data stolen through this activity can ultimately provide the Chinese intelligence services the capability to identify and track targets’ communications and movements worldwide.
The advisory describes how the threat actors have had considerable success taking advantage of known common vulnerabilities rather than relying on bespoke malware or zero-day vulnerabilities to carry out their activities, meaning attacks via these vectors could have been avoided with timely patching.
Organisations of national significance in the UK are encouraged to proactively hunt for malicious activity and implement mitigative actions, including ensuring that edge devices are not exposed to known vulnerabilities and implementing security updates.
NCSC Chief Executive Dr Richard Horne said:
“We are deeply concerned by the irresponsible behaviour of the named commercial entities based in China that has enabled an unrestrained campaign of malicious cyber activities on a global scale.
“It is crucial organisations in targeted critical sectors heed this international warning about the threat posed by cyber actors who have been exploiting publicly known – and so therefore fixable – vulnerabilities.
“In the face of sophisticated threats, network defenders must proactively hunt for malicious activity, as well as apply recommended mitigations based on indicators of compromise and regularly reviewing network device logs for signs of unusual activity.”
The UK has led globally in helping to improve cyber risk management with leading legislation including the Telecommunications (Security) Act 2021 and the associated Code of Practice, for which the NCSC was the technical authority.
The government's forthcoming Cyber Security and Resilience Bill will further strengthen the UK’s cyber defences, protecting the services the public rely on to go about their normal lives.
The NCSC and government partners have previously warned about the growing range of cyber threats facing critical sectors and provides a range of guidance and resources to improve resilience.
The NCSC's Early Warning service provides timely notifications about potential security issues, including known vulnerabilities, and malicious activities affecting users’ networks. All UK organisations can sign up to this free service.
The three China-based technology companies provide cyber-related services to the Chinese intelligence services and are part of a wider commercial ecosystem in China, which includes information security companies, data brokers and hackers for hire.
The named entities are: Sichuan Juxinhe Network Technology Co Ltd, Beijing Huanyu Tianqiong Information Technology Co, and Sichuan Zhixin Ruijie Network Technology Co Ltd.
The NCSC has co-sealed this advisory alongside agencies from the United States, Australia, Canada, New Zealand, Czech Republic, Finland, Germany, Italy, Japan, the Netherlands, Poland and Spain.
The biggest companies in AI aren’t interested in paying to use copyrighted material as training data, and here are their reasons why.
