China state-sponsored actors targeting CI orgs, according to NSA

On August 27, the National Security Agency (NSA) and other U.S. and foreign organizations released a joint Cybersecurity Advisory to expose advanced persistent threat (APT) actors sponsored by the Chinese government targeting telecommunications, government, transportation, lodging, and military infrastructure networks globally and outline appropriate mitigation guidance.

The malicious activity outlined in the advisory partially overlaps with cybersecurity industry reporting on Chinese state-sponsored threat actors referred to by names such as Salt Typhoon.

These activities have been linked to multiple China-based entities—including Sichuan Juxinhe Network Technology Co. Ltd., Beijing Huanyu Tianqiong Information Technology Co., Ltd., and Sichuan Zhixin Ruijie Network Technology Co., Ltd.—which provide cyber products and services to China’s Ministry of State Security and People’s Liberation Army.

The CSA, “Countering Chinese State-Sponsored Actors Compromise of Networks Worldwide to Feed Global Espionage System,” details specific tactics, techniques, and procedures (TTPs) these actors have been found using for initial exploitation, persistence, collection, and exfiltration. Indicators of compromise (IOCs) and common vulnerabilities and exposures (CVEs) exploited by the APT actors are also detailed.

Further, the report provides threat hunting guidance and specific mitigations that organizations are encouraged to implement to search for malicious activity and reduce the threat of Chinese state-sponsored and other APT actors. These recommendations are especially important for network defenders of telecommunications and critical infrastructure organizations to discover unknown intrusions and prevent undetected malicious activity on their networks. By utilizing the outlined guidance, organizations can also better provide compromise details to appropriate authorities to continue improving all parties’ understanding of initial access methods.

When threat hunting, the authoring agencies advise that organizations gain a full understanding of the APT actors’ accesses before implementing visible incident response and mitigation actions to maximize the chance of achieving full eviction from compromised networks.

This CSA is being released by the following authoring and co-sealing agencies:

• United States National Security Agency (NSA)
• United States Cybersecurity and Infrastructure Security Agency (CISA)
• United States Federal Bureau of Investigation (FBI)
• United States Department of Defense Cyber Crime Center (DC3)
• Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC)
• Canadian Centre for Cyber Security (Cyber Centre)
• Canadian Security Intelligence Service (CSIS)
• New Zealand National Cyber Security Centre (NCSC-NZ)
• United Kingdom National Cyber Security Centre (NCSC-UK)
• Czech Republic National Cyber and Information Security Agency (NÚKIB)
• Finnish Security and Intelligence Service (SUPO)
• Germany Federal Intelligence Service (BND)
• Germany Federal Office for the Protection of the Constitution (BfV)
• Germany Federal Office for Information Security (BSI)
• Italian External Intelligence and Security Agency (AISE)
• Italian Internal Intelligence and Security Agency (AISI)
• Japan National Cyber Office (NCO)
• Japan National Police Agency (NPA)
• Netherlands Defence Intelligence and Security Service (MIVD)
• Netherlands General Intelligence and Security Service (AIVD)
• Polish Military Counterintelligence Service (SKW)
• Polish Foreign Intelligence Agency (AW)
• Spain National Intelligence Centre (CNI)

Read the full report here.

Source: NSA

IC News delivers the situational awareness you need to get ahead and stay ahead in the IC contracting space. Subscribe today for full access to 10,000+ articles, plus new articles each weekday.