(TLP:CLEAR) Joint Cybersecurity Advisory – Countering Chinese State-Sponsored Actors Compromise of Networks Worldwide to Feed Global Espionage System

Summary: Yesterday, CISA and 26 other partnering federal and international agencies published a Joint Cybersecurity Advisory (CSA) titled “Countering Chinese State-Sponsored Actors Compromise of Networks Worldwide to Feed Global Espionage System.” The joint CSA details observed tactics by Chinese advanced persistent threat (APT) actors and includes mitigations to aid detection and reduce the risk of compromise by Chinese state-sponsored cyber actors.

Analyst Note: Chinese state-sponsored actors are known to target critical infrastructure, including water and wastewater systems. In a case study from March this year, Dragos detailed its work helping a combined electric and water utility remediate the impact of a cyber attack from Volt Typhoon. It was revealed that Volt Typhoon had been in the utility’s systems for a 10-month period and that, in addition to persistence, they were aiming to exfiltrate specific data related to OT operations. While Chinese-affiliated actors have been seen to be primarily interested in espionage, these findings highlight that their apparent goals are not only for espionage. Members are encouraged to review the joint CSA and use it to help bolster defenses against this advanced threat.

Original Source: https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-239a

Additional Reading:

• (TLP:CLEAR) Dragos Case Study of Volt Typhoon’s Breach of a Massachusetts Electric and Water Utility

Related WaterISAC PIRs: 6, 6.1, 7, 7.1, 10, 10.2, 12