NSA, CISA, and FBI Expose PRC State-Sponsored Exploitation of Network Providers, Devices
written by Shashidhar CN
The National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), and Federal Bureau of Investigation (FBI) released a Cybersecurity Advisory (CSA) today, “People’s Republic of China State-Sponsored Cyber Actors Exploit Network Providers and Devices.” The advisory highlights how People’s Republic of China (PRC) actors have targeted and compromised major telecommunications companies and network service providers primarily by exploiting publicly known vulnerabilities. Networks affected have ranged from small office/home office (SOHO) routers to medium and large enterprise networks.
PRC actors have been exploiting specific techniques and common vulnerabilities since 2020 to gain an advantage in their cyber campaigns. Exploiting these vulnerabilities has allowed them to establish broad infrastructure networks from which to target a wide range of public and private sector organizations.
General mitigations outlined in the advisory include: applying patches as soon as possible, disabling unnecessary ports and protocols, and replacing end-of-life network infrastructure. NSA, CISA, and FBI also recommend segmenting networks and enabling robust logging of internet-facing services and network infrastructure accesses.
The advisory is broken down into three sections: an explanation of common vulnerabilities exploited by PRC state-sponsored cyber actors, an introduction of how telecommunications and network service provider targeting occurred through open source and custom tools, and an overview of recommended mitigations.
The information in this advisory complements NSA’s previous releases, “Chinese State-Sponsored Cyber Operations: Observed TTPs” and “Chinese State-Sponsored Actors Exploit Publicly Known Vulnerabilities,” and continues to highlight the cross-organizational partnerships between NSA, CISA, and FBI in protecting U.S. critical systems against PRC cyber actors. Read the full advisory for more details about this malicious cyber activity and how to take action against it to prevent further exploitation.