International Partners Issue PRC-related Cybersecurity Advisory
Following various investigations and observations, the Cybersecurity and Infrastructure Security Agency (CISA) has issued a joint cybersecurity advisory in collaboration with additional U.S. agencies and international partners. Advanced persistent threats from the People’s Republic of China continue to put worldwide critical infrastructure networks at risk, the August 27 advisory warns.
The advisory was co-authored by more than 20 security agencies, including representation from the United Kingdom, Germany, Italy, Japan, the Netherlands and Poland.
State-sponsored malicious actors continue to threaten telecommunications, government, transportation, lodging and military infrastructure networks.
“While these actors focus on large backbone routers of major telecommunications providers, as well as provider edge and customer edge routers, they also leverage compromised devices and trusted connections to pivot into other networks,” the advisory states. “These actors often modify routers to maintain persistent, long-term access to networks.”
Using the MITRE ATT&CK framework, the advisory pointed to the most notable threat group names: Salt Typhoon, OPERATOR PANDA, RedMike, UNC5807 and GhostEmperor.
“These actors often take steps to evade detection and maintain persistent access,” a CISA press release states. “The recommended mitigations in this joint advisory include patching known exploited vulnerabilities, enabling centralized logging and securing edge infrastructure.”
Sharing threat intelligence is crucial to countering cyber attacks, said FBI Cyber Division Assistant Director Brett Leatherman.
“Our victim-centered approach keeps us focused on delivering intelligence and tools to those who need them most,” he stated. “PRC threat actors thrive in the shadows.”
View the full cybersecurity advisory to learn more.