NCSC and partners issue warning about state-sponsored cyber attackers hiding on critical infrastructure networks
The UK and allies have issued a fresh warning to critical infrastructure operators about the threat from cyber attackers using sophisticated techniques to camouflage their activity on victims’ networks.
The National Cyber Security Centre – a part of GCHQ – and agencies in the US, Australia, Canada and New Zealand have detailed how threat actors have been exploiting native tools and processes built into computer systems to gain persistent access and avoid detection.
This kind of tradecraft, known as ‘living off the land’, allows attackers to operate discreetly: malicious activity blends in with legitimate system and network behaviour, making it difficult to differentiate, even for organisations with more mature security postures.
The NCSC assesses it is likely that this type of activity poses a threat to UK critical national infrastructure, and so all providers are urged to follow the recommended actions to help detect compromises and mitigate vulnerabilities.
The new ‘Identifying and Mitigating Living Off The Land’ guidance warns that China state-sponsored and Russia state-sponsored actors are among the attackers that have been observed living off the land on compromised critical infrastructure networks.