NSA publishes case studies on PRC tradecraft

On July 8, the National Security Agency (NSA) joined the Australian Signals Directorate (ASD) and other agencies to publish a Cybersecurity Advisory (CSA) detailing the tradecraft used by a cyber actor group associated with the People’s Republic of China (PRC) Ministry of State Security (MSS). “PRC MSS Tradecraft in Action” helps cybersecurity practitioners prevent, identify, and remediate intrusions against their own networks by sharing significant case studies of the adversary’s tactics and techniques.

The cyber actor group has targeted organizations in various countries, including the United States and Australia. The group’s activity and tradecraft overlap with groups tracked in industry reporting as APT 40, Kryptonite Panda, GINGHAM TYPHOON, and Bronze Mohawk.

“APT 40 is a known cyber actor group that continues to practice cyber espionage and evolve its tradecraft to target government networks,” said Dave Luber, NSA’s director of cybersecurity. “NSA joins in partnership with ASD, along with other co-sealers, to address the issue and arm network defenders with the information to counter future cyber threats.”

The CSA describes how APT 40 can rapidly exploit new public vulnerabilities in widely used software. Additionally, the group has evolved its tradecraft and embraced a global trend to use compromised devices, including home office devices, as operational infrastructure. Other PRC state-sponsored actors are using the same techniques, posing a threat to networks worldwide.

The CSA also details findings from the ASD’s investigations into the successful compromise of two organizations’ networks by the cyber actor group, including the key activities observed. It describes mitigations network defenders can take, including implementing comprehensive and historical logging, promptly patching all Internet-exposed devices, segmenting networks to limit or block lateral movement, closely monitoring services to ensure they are well secured, and disabling unused or unnecessary network services, ports, and protocols.

Read the full report here.

Source: NSA
