The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and the FBI, along with international partners, released a joint cybersecurity advisory on Wednesday sharing technical details regarding malicious activity by a People’s Republic of China (PRC) state-sponsored cyber actor.
The advisory provides critical infrastructure organizations and the cybersecurity community new insights into the specific tactics, techniques, and procedures used by PRC cyber actors to gain and maintain persistent access to critical infrastructure networks.
“For years, China has conducted aggressive cyber operations to steal intellectual property and sensitive data from organizations around the globe,” CISA Director Jen Easterly said in a press release. “Today’s advisory highlights China’s continued use of sophisticated means to target our nation’s critical infrastructure, and it gives network defenders important insights into how to detect and mitigate this malicious activity.”
The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC), the Communications Security Establishment’s Canadian Centre for Cyber Security (CCCS), the New Zealand National Cyber Security Centre (NCSC-NZ), and the United Kingdom National Cyber Security Centre (NCSC-UK) collaborated with CISA, NSA, and the FBI to publish the joint cybersecurity advisory.
“It is vital that operators of critical national infrastructure take action to prevent attackers hiding on their systems, as described in this joint advisory with our international partners,” said Paul Chichester, NCSC director of operations.
“The Canadian Centre for Cyber Security (part of the Communications Security Establishment) joins its international partners in sharing this newly identified threat and accompanying mitigation measures with critical infrastructure sectors,” said Sami Khoury, head of the Canadian Centre for Cyber Security. “The interconnected nature of our infrastructures and economies highlights the importance of working together with our allies to identify and share real-time threat information.”
In addition, the advisory provides technical information that network defenders can use to hunt for malicious cyber activity on their networks, including a summary of relevant indicators of compromise for quick reference.
It also offers organizations recommended mitigations that align with the Cross-Sector Cybersecurity Performance Goals, which CISA developed to help organizations prioritize their investments to reduce risk most effectively.
In the advisory, CISA, NSA, FBI, and their international partners urged U.S. and allied governments, critical infrastructure organizations, and private sector organizations to apply the recommended mitigations to strengthen their defenses and reduce the threat of compromise from PRC state-sponsored malicious cyber actors.