Chinese ‘sleeper cells’ are hidden in government and telecom networks, report warns amid UK threat spike

Fears China has planted ‘sleeper cells’ in telecoms networks as UK cyber attacks surge. Picture: LBC
By EJ Ward

Chinese operatives have secretly embedded long-term access inside global telecommunications networks, according to a new investigation, raising concerns that critical systems underpinning everyday life in the UK could already be quietly compromised.

The report by cybersecurity firm Rapid7 describes how “digital sleeper cells” have been planted deep within telecoms infrastructure — the networks that carry phone calls, texts, banking data and government communications.

Rather than launching immediate attacks, the campaign appears designed for patience. The aim is to gain access, remain hidden for months or years, and retain the ability to monitor or act at a time of the attacker’s choosing.

Rapid7 said it had identified the group behind the activity as Red Menshen, an advanced China-linked espionage unit known for operating deep inside telecom and government systems.

Christiaan Beek, Rapid7’s VP of Cyber Intelligence, said: “Red Menshen is an advanced China-nexus group known for its stealthy BPFDoor malware and focus on long-term espionage within government and telecom networks.

“They excel at maintaining deep persistence to extract high-value strategic intelligence.”

While the group has historically focused on regions including Asia, the Middle East and Africa, its operations have now scaled globally, with confirmed detections across the US and Europe.

For the average Brit, the concern is not an immediate outage or visible disruption. Instead, it is the possibility that the networks carrying personal data — including who you communicate with and where you are — could be accessed without detection.

Telecoms infrastructure is considered one of the most sensitive targets in the digital world. Compromise at this level can provide visibility into communications patterns, location data and the systems that underpin national infrastructure.

The findings come amid growing warnings from UK intelligence agencies about the scale of the cyber threat posed by hostile states, particularly China.

GCHQ’s National Cyber Security Centre (NCSC) has warned that China represents a “highly sophisticated and capable” threat actor targeting a wide range of sectors, including the UK. Its latest annual review recorded a 50% rise in “highly significant” cyber incidents over the past year.

Recent attacks on major British companies including Marks and Spencer, Co-op and Jaguar Land Rover have underlined the real-world impact of cyber operations, from disrupted services to halted production lines.

Security minister Dan Jarvis said cyber crime is now one of the greatest threats to the UK economy and warned that both businesses and individuals must “step up” their defences.

Officials have also expressed concern about hostile states “pre-positioning” access inside critical infrastructure, embedding themselves in systems in advance of future operations.

That warning closely aligns with Rapid7’s findings. The report suggests the activity is not about short-term breaches, but about embedding inside the systems that keep countries running, and staying there undetected.

The tools used are designed to avoid traditional security measures, hiding deep within core systems and only activating under very specific conditions. As a result, networks can appear normal while still being compromised.

Experts say this reflects a broader shift in cyber warfare, with states including China, Russia, Iran and North Korea increasingly combining long-term digital access with strategic objectives.

For now, there is no evidence the public needs to take immediate action.

But the implication is harder to ignore. The threat is no longer just about attacks from the outside, but about whether adversaries may already be inside the systems the UK depends on, watching and waiting.