The National Cyber Security Centre (NCSC), in conjunction with US, Australian, Canadian, and New Zealand counterparts, have issued a joint advisory and guidance warning critical infrastructure operators of the threat posed by cyber attackers who use “living off the land” techniques to camouflage their activities on victims’ networks. The NCSC has discovered that state-sponsored actors are among the attackers using these techniques, which exploit native tools and processes built into computer systems to gain persistent access and avoid detection. This makes it difficult to differentiate between malicious activity and legitimate system and network behaviour, even by organisations with more mature security. New joint guidance advises providers to follow the recommended actions to help detect compromises and mitigate vulnerabilities. The advisory also reveals that Chinese and Russian state-sponsored actors are among those who have been observed using “living off the land” techniques to compromise critical infrastructure networks. Additionally, a separate advisory shares details about China state-sponsored actor Volt Typhoon, which has been observed using these techniques to compromise US critical infrastructure systems.