The Cybersecurity and Infrastructure Security Agency (CISA) joined the United Kingdom’s National Cyber Security Centre and other federal and international partners to release a new cybersecurity advisory about China.
The advisory, “Defending Against China-Nexus Covert Networks of Compromised Devices,” is intended to give network defenders tools and resources to combat the threat posed by Chinese government-linked threat actors’ use of covert networks of compromised devices.
“Working closely with U.S. and international partners, CISA continues to identify and warn organizations of Chinese state-sponsored cyber actors threatening critical infrastructure. This advisory informs organizations of how these actors are strategically using numerous, evolving covert networks at scale for malicious cyber activity,” CISA Acting Director Nick Andersen said. “CISA strongly encourages organizations to review and implement appropriate mitigation measures to defend their devices from this threat. Every day, CISA works to empower organizations with actionable information to strengthen their security and resilience against cyber threats.”
According to the advisory, attackers create hidden networks by taking advantage of weak devices, like those in homes or small offices, as well as Internet of Things gadgets. The advisory goes on to say groups like Volt Typhoon and Flax Typhoon use large groups of hijacked devices to hide who they are and carry out spying, break-ins, device control and data stealing.
CISA and its partners advise organizations to map and understand network edge devices, and to baseline normal connections, as well as maintaining log collection and storage solutions to assist with detecting and responding to unauthorized access attempts, and implementing multifactor authentication for remote connections.