The NSA has just published a report of the top 25 vulnerabilities that it alleges Chinese state actors are using to attach US assets. Since it also probably applies to attacks on the UK, I thought you might like to have a look and the full report is a PDF at https://media.defense.gov/2020/Oct/20/2002519884/-1/-1/0/CSA_CHINESE_EXPLOIT_VULNERABILITIES_UOO179811.PDF
The top few related to exploiting vulnerabilities in VPN’s, Remote Desktop and Citrix but I would encourage you to read the report for more details.
And of course, the moral of this is to make sure your systems are configured to receive and apply updates as soon as they are released.