The Cybersecurity and Infrastructure Security Agency (CISA) joined the National Security Agency (NSA), FBI and international partners, to release a joint cybersecurity advisory on malicious activity by Chinese threat actors.
According to the release, People’s Republic of China (PRC) state-sponsored Advanced Persistent Threat (APT) actors continue to engage in a deliberate and sustained campaign to gain long-term access to critical infrastructure networks around the world.
“CISA and our partners are committed to equipping critical infrastructure owners and operators with the intelligence and tools they need to defend against sophisticated cyber threats,” Madhu Gottumukkala, acting director of CISA, said. “By exposing the tactics used by PRC state-sponsored actors and providing actionable guidance, we are helping organizations strengthen their defenses and protect the systems that underpin our national and economic security.”
According to the advisory, Chinese state-sponsored actors are exploiting vulnerabilities in routers used by telecommunications providers and other infrastructure operators. The actors often take steps to evade detection and maintain access, particularly across telecommunications, transportation, lodging and military networks.
“The FBI and our partners are committed to sharing threat intelligence and resources to counter PRC-sponsored cyber intrusions,” Assistant Director Brett Leatherman of the FBI’s Cyber Division said. “Our victim-centered approach keeps us focused on delivering intelligence and tools to those who need them most. PRC threat actors thrive in the shadows. Together with our government and private sector partners we defend the homeland by shining a light on their activity and undermining the tactics and infrastructure they rely on.”
The advisory’s recommended mitigations include patching known exploited vulnerabilities, enabling centralized logging, and securing edge infrastructure. As a global threat, CISA and its partners said all organizations, especially those in critical infrastructure, should review the advisory, hunt for signs of compromise and implement recommended mitigations as soon as possible.