The National Security Agency and several other U.S. and foreign organizations have released a joint cybersecurity advisory, or CSA, warning of China-backed advanced persistent threat actors targeting critical sectors, including government, telecommunications and military infrastructure.
The advisory aims to inform organizations worldwide about campaigns to gain long-term access to critical networks. Its other authoring agencies include the Canadian Centre for Cyber Security, Japan’s National Cyber Office and New Zealand’s National Cyber Security Centre.
The CSA, titled “Countering Chinese State-Sponsored Actors’ Compromise of Networks Worldwide to Feed Global Espionage System,” detailed techniques for initial exploitation, persistence, collection and exfiltration.
The NSA identified several groups engaged in the operations, including Sichuan Juxinhe Network Technology Co. Ltd, Beijing Huanyu Tianqiong Information Technology Co. Ltd and Sichuan Zhixin Ruijie Network Technology Co. Ltd.
To prepare for or mitigate cyberattacks, the joint report recommends patching known exploited vulnerabilities, enabling centralized logging and securing edge infrastructure.
In a statement on Wednesday, Madhu Gottumukkala, the acting director of CISA, said the agency and its partners are focused on giving critical infrastructure owners and operators the tools and information they need to protect against serious cyber threats.
“By exposing the tactics used by PRC state-sponsored actors and providing actionable guidance, we are helping organizations strengthen their defenses and protect the systems that underpin our national and economic security,” he added, referring to the East Asian country’s official name, the People’s Republic of China.