The Cybersecurity and Infrastructure Security Agency (CISA), along with the FBI and the National Security Agency (NSA), have published a joint Cybersecurity Advisory (CSA) describing the ways in which People’s Republic of China (PRC) state-sponsored cyber actors continue to exploit publicly known vulnerabilities in order to establish a broad network of compromised infrastructure. The advisory describes the targeting and compromise of major telecommunications companies and network service providers and the top vulnerabilities routinely exploited by threat actors since 2020.

PRC cyber actors are known to routinely adapt and evolve their tactics to bypass defenses. According to the advisory, the U.S. government has observed “state-sponsored cyber actors monitoring network defenders’ accounts and actions, and then modifying their ongoing campaign as needed to remain undetected.” The advisory also lists the top network device Common Vulnerabilities and Exposures (CVEs) exploited by PRC state-sponsored cyber actors and describes their tactics, techniques, and procedures (TTPs). Finally, the advisory lists recommended mitigation actions to defend against this activity. Some immediate steps organizations can implement to defend themselves are applying the available patches to your systems, replacing end-of-life infrastructure, disabling unnecessary ports and protocols, and implementing a centralized patch management program.

To report suspicious or criminal activity related to information found in advisory, contact your local FBI field office, or the FBI’s 24/7 Cyber Watch (CyWatch) at (855) 292-3937, or by e-mail at [email protected]. If you have any further questions, or to request incident response resources or technical assistance related to these threats, contact CISA at [email protected]. Access the full advisory at CISA.