The National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), and Federal Bureau of Investigation (FBI) released a Cybersecurity Advisory describing over 50 tactics, techniques, and procedures (TTP) applied by Chinese state-sponsored cyber actors targeting the United States and allied networks. The advisory also details general mitigations to protect against these cyber threats.
One significant tactic described in the advisory includes the exploitation of public vulnerabilities within days of their public disclosure, often in major applications, such as Pulse Secure, Apache, F5 Big-IP, and Microsoft products. This advisory provides specific mitigations for detailed tactics and techniques aligned to the recently released, NSA-funded MITRE D3FEND framework.
General mitigations outlined include prompt patching; enhanced monitoring of network traffic, email, and endpoint systems; and the use of protection capabilities, such as antivirus software and strong authentication, to stop malicious activity.
The advisory is broken into three parts: an overview of this nation-state threat for executive decision-makers, a deep dive into the techniques used when targeting the U.S. and allied networks, and a table providing a visualization of the malicious activity for net defenders, mapped to the MITRE ATT&CK framework.
According to a press release:
Chinese state-sponsored cyber activity poses a major threat to U.S. and allied systems. These actors aggressively target political, economic, military, educational, and critical infrastructure personnel and organizations to access valuable, sensitive data. These cyber operations support China’s long-term economic and military objectives.
The information in this advisory builds on NSA’s previous release “Chinese State-Sponsored Actors Exploit Publicly Known Vulnerabilities.” The NSA, CISA, and FBI recommended mitigations empower our customers to reduce the risk of Chinese malicious cyber activity, and increase the defensive posture of their critical networks.