The NCSC published the new guidance alongside industry and 15 international partners from across eight other countries: the United States, Australia, Canada, Germany, Japan, the Netherlands, New Zealand and Spain.

Covert networks, usually made up of what the NCSC described as vulnerable everyday internet-connected devices such as home routers and smart devices, are used to target critical sectors globally, steal sensitive data, and maintain persistent access.

“In recent years, we have seen a deliberate shift in cyber groups based in China utilising these networks to hide their malicious activity in an attempt to avoid accountability,” NCSC director of operations Paul Chichester said in a statement.

The Chinese foreign ministry did not immediately respond to a Reuters request for comment.

The new guidance – jointly issued with agencies including the US Federal Bureau of Investigation – warns that attacks can be hard to detect because evidence can disappear quickly, complicating efforts to disrupt such activity.

The advisory comes a day after Richard Horne, the head of the NCSC, warned Britain to brace for a rise in cyberattacks directly or indirectly from nation states, including China, Iran and Russia.

He said his agency had continued to handle about four nationally significant cyber incidents a week on average and that the highest-impact attacks were increasingly tied to governments rather than criminal gangs alone.

Britain has also called on leading AI companies to work with the government to build AI-powered cyber-defence capabilities to protect critical national infrastructure