The National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), and Federal Bureau of Investigation (FBI) accused the People’s Republic of China’s government of conducting malicious cyber activity to exploit vulnerabilities in American computers and other networked devices.
The agencies released a cybersecurity advisory, “People’s Republic of China State-Sponsored Cyber Actors Exploit Network Providers and Devices.”
“The advisory highlights how People’s Republic of China (PRC) actors have targeted and compromised major telecommunications companies and network service providers primarily by exploiting publicly known vulnerabilities,” the agencies said. “Networks affected have ranged from small office/home office (SOHO) routers to medium and large enterprise networks.”
More than a year ago, the Biden administration launched a multi-part strategy to shame China into halting its digital malfeasance, but the communist empire continues to operate as a digital security adversary.
An unprecedented group of allies and partners – including the European Union, the United Kingdom, and NATO – joined the United States in exposing and criticizing China’s malicious and irresponsible behavior in cyberspace.
“The PRC has been exploiting specific techniques and common vulnerabilities since 2020 to use to their advantage in cyber campaigns,” according to the joint statement. “Exploiting these vulnerabilities has allowed them to establish broad infrastructure networks to exploit a wide range of public and private sector targets.”
Among the fixes outlined in the advisory are recommendations for applying patches as soon as possible, disabling unnecessary ports and protocols, and replacing end-of-life network infrastructure.
NSA, CISA, and FBI also recommend segmenting networks and enabling robust logging of internet-facing services and network infrastructure accesses.
The advisory is broken down into three sections: an explanation of common vulnerabilities exploited by PRC state-sponsored cyber actors, an introduction to how telecommunications and network service provider targeting occurred through open source and custom tools, and an overview of recommended mitigations.
The information in this advisory complements NSA’s previous releases, “Chinese State-Sponsored Cyber Operations: Observed TTPs” and “Chinese State-Sponsored Actors Exploit Publicly Known Vulnerabilities,” and continues to highlight the cross-organizational partnerships between NSA, CISA, and FBI in protecting U.S. critical systems against PRC cyber actors.
Read the full advisory for more details about this malicious cyber activity and how to take action against it to prevent further exploitation.
For additional cybersecurity advisories, visit NSA.gov/Cybersecurity-guidance.