UK Clamps Down on China-Based Companies for Reckless and Irresponsible Cyber Activity

 
10/12/2025
8 min read

Key Takeaways:

  • UK targets cyber threats head-on — Two China-based companies, i-Soon and Integrity Tech, have been sanctioned for reckless global cyberattacks that compromised government and private-sector IT systems.
  • Sanctions aim to disrupt hostile cyber ecosystems — The measures reflect the UK’s determination to curb the growing network of commercial actors supporting Chinese state-linked cyber operations.
  • Strengthening global cyber norms — This action reinforces the UK’s commitment to responsible behaviour in cyberspace, aligning with UN principles and international efforts to regulate commercial cyber intrusion capabilities.

Two firms sanctioned as UK warns of expanding cyber threats from China’s commercial hacking ecosystem

The UK government has imposed new sanctions on two technology companies based in China after uncovering evidence of their involvement in a series of "reckless and indiscriminate" cyberattacks against the UK and its allies. The action, announced on 9 December 2025 by the Foreign, Commonwealth & Development Office (FCDO), marks one of the UK’s most robust interventions yet against foreign commercial entities accused of facilitating state-linked cyber operations.

The move underscores a rapidly evolving threat landscape in which private-sector actors—often marketed as “information security firms”—play a growing role in international cyber-espionage, data theft, and covert surveillance. According to the UK’s National Cyber Security Centre (NCSC), it is now “almost certain” that parts of China’s cyber industry form an extended ecosystem supporting Chinese state-linked hacking campaigns.

With the scale and sophistication of these attacks increasing year on year, the UK’s response signals both a determination to defend national security and a broader commitment to shaping global norms on responsible cyber behaviour.

Sanctioned Companies: i-Soon and Integrity Tech

The sanctions announced by the UK target two entities accused of enabling or directly conducting cyberattacks against critical systems worldwide:

1. Sichuan Anxun Information Technology Co. Ltd (i-Soon)

Also known as i-Soon, the firm has been accused of targeting over 80 government and private industry IT systems across the globe. According to the FCDO, the company did not merely carry out attacks but also provided logistical and technical support to others preparing malicious activity.

i-Soon’s operations reportedly involved:

  • Penetrating networks belonging to government agencies
     
  • Extracting sensitive communications and classified information
     
  • Assisting third-party clients—including suspected state actors—by supplying hacking tools and expertise
     

The targeting of such a wide array of systems and institutions places i-Soon among the most prolific private actors implicated in international cyber intrusions.

2. Integrity Technology Group Incorporated (Integrity Tech)

Integrity Tech is accused of managing a covert cyber network used for hostile operations and offering technical assistance for others conducting cyberattacks.

Notably, the company’s targets included UK public sector IT systems, raising particular concerns about infiltration attempts on core public services and administrative functions.

Together, these two firms highlight what the UK describes as a “cyber industry ecosystem” within China that merges commercial profit motives with state-linked strategic operations.

A Wider Pattern: The Growing Threat of China’s Private Cyber Industry

The sanctions build on evidence that Chinese cyber threats are increasingly driven not only by official state agencies but by a constellation of private-sector companies working directly or indirectly in support of national intelligence services.

This ecosystem, according to the NCSC, includes:

  • Cybersecurity firms offering offensive intrusion services
     
  • Data brokers selling harvested personal data
     
  • Hackers for hire, operating as contractors or subcontractors
     
  • Technology consultancies that develop malware or exploit kits
     
  • Network management companies providing covert operational infrastructure
     

While China’s official policy denies sponsorship of cyberattacks, Western intelligence agencies argue that the country’s cyber apparatus relies heavily on contractors—a model that blurs the lines of state accountability and complicates diplomatic responses.

SALT TYPHOON and the Global Scale of Cyber-Espionage

The UK’s action this week follows an earlier joint advisory issued in August 2025 by the UK and 12 international partners, exposing three China-based companies linked to SALT TYPHOON, a cyber-espionage campaign associated with a China state-affiliated Advanced Persistent Threat (APT) group.

Those companies were:

  • Sichuan Juxinhe Network Technology Co. Ltd
     
  • Beijing Huanyu Tianqiong Information Technology Co.
     
  • Sichuan Zhixin Ruije Network Technology Co. Ltd
     

The SALT TYPHOON campaign targeted:

  • Government departments
     
  • Telecommunications systems
     
  • Transportation networks
     
  • Military infrastructure
     
  • Public services in Europe, North America, and Asia
     

The intent of the operation, according to intelligence assessments, was to give Chinese intelligence services the ability to track communications, movements, and operational patterns of high-value targets.

With the addition of i-Soon and Integrity Tech to the list of companies publicly identified, the UK highlights what it calls the “vast scale” of cyberattacks conducted by China-based entities in recent years.

Sanctions: What They Mean in Practice

The measures imposed by the UK are designed to curtail the companies’ ability to operate internationally and to disrupt their financial channels. The sanctions include:

  • Asset freezes on both companies
     
  • Prohibitions on UK entities engaging in commercial dealings with them
     
  • Restrictions on financial transactions
     
  • Limitations on their ability to access UK-based technology or services
     

While the sanctions primarily affect overseas actors, their effects ripple across global supply chains, international cooperation frameworks, and cyber intrusion markets.

Cyber Norms and International Law: Why These Actions Matter

The UK stressed that cyberattacks of this kind violate the United Nations’ agreed principles for responsible state behaviour in cyberspace. These principles emphasise:

  • Non-interference in the internal affairs of sovereign states
     
  • Prohibitions on targeting critical national infrastructure
     
  • The need for transparency and predictability in state cyber operations
     
  • International cooperation in preventing malicious cyber activity
     

By sanctioning non-state actors suspected of supporting state-linked cyberattacks, the UK reinforces the notion that states remain responsible for actors within their jurisdiction, whether those actors are formal government agencies or private contractors.

This position fits within a broader legal and diplomatic context: states are increasingly expected to regulate the commercial cyber intrusion capabilities of companies operating domestically.

“Security Is Non-Negotiable”: UK Sets Out a Clearer China Strategy

In a recent speech at the Guildhall, the Prime Minister affirmed that protecting national security is the government’s first and fundamental duty. The UK recognises China as a complex partner—simultaneously:

  • A strategic competitor
     
  • A permanent member of the UN Security Council
     
  • A significant economic power
     
  • A source of both opportunity and risk
     

China has contributed nearly a third of global economic growth over the past decade, making a stable relationship economically desirable. Yet its state-linked cyber operations, military posture, and political influence campaigns present significant national security challenges.

The UK’s approach combines firm resistance to threats with measured cooperation where beneficial, such as climate policy, trade, and regional stability.

The Pall Mall Process: Shaping Global Governance of Cyber Intrusion Tools

The UK and France jointly lead the Pall Mall Process, an international initiative designed to develop a framework for responsible behaviour among actors involved in the rapidly growing market for commercial cyber intrusion capabilities.

The initiative aims to:

  • Set international norms for private-sector cyber capabilities
     
  • Prevent proliferation of hacking tools to authoritarian actors and criminal groups
     
  • Establish due diligence and auditing standards for cybersecurity firms
     
  • Encourage transparency and accountability in offensive cyber markets
     

As offensive cyber tools become more accessible, the risk to civilians, businesses, and governments increases. The Pall Mall Process seeks to impose order and ethical structure on what is currently a largely unregulated market.

A First for Transparency: UK’s National Cyber Force Guidelines

The UK remains the only country in the world to publish guidelines outlining the principles governing its own National Cyber Force (NCF) and its approach to offensive cyber operations.

These principles emphasise:

  • Discrimination and proportionality
     
  • Minimising harm to civilians
     
  • Maintaining legitimacy in international law
     
  • Avoiding destabilising actions
     

This transparency bolsters the UK’s credibility in calling for responsible behaviour from other states and private actors.

Why These Sanctions Matter for the UK and the World

The UK’s action against i-Soon and Integrity Tech represents more than a punitive measure—it is a strategic signal and a step toward shaping global norms.

1. Strengthening National Security

Cyberattacks pose threats not only to government systems but to the foundations of modern society—healthcare, transport, utilities, finance, and democratic processes.

Targeting companies believed to be enablers of such attacks strikes at the infrastructure that supports hostile operations.

2. Setting a Precedent for Accountability

By identifying private companies engaged in malicious activity, the UK challenges a growing trend where states outsource cyber operations to evade accountability.

3. Consolidating International Partnerships

The UK’s actions align closely with those of the US, EU, Australia, Canada, and Japan, fostering a coordinated international response to cyber threats.

4. Protecting the Global Cyber Ecosystem

Unchecked, commercial intrusion capabilities risk destabilising global digital infrastructure. Sanctions help limit proliferation and raise the cost of malicious activity.

Conclusion: A Turning Point in Cyber Diplomacy?

The UK’s sanctions against two China-based tech companies signal a decisive shift in how nations address private-sector participation in cyberattacks. In an era where hacking capabilities can be outsourced, bought, or covertly contracted, governments must adapt both policy and legal frameworks to remain effective.

By calling out malicious actors, reinforcing international norms, and pushing for global governance mechanisms, the UK seeks to protect not only its own security but the broader stability of the international digital ecosystem.

Whether these measures will deter future threats remains to be seen—but they mark an important step in establishing accountability and strengthening cyber resilience at a time when the stakes have never been higher.

Contact Us Now

Related articles:

Statutory Declaration in the UK: What It Is & How to Make One Legally

Avoid Costly Mistakes: What You Need to Know About Statutory Declarations in the UK

Common Uses of Statutory Declarations