CISA Warning: China-Led Cyberattacks Target Network Service Providers
People’s Republic of China (PRC) state-sponsored cyber actors are exploiting publicly known vulnerabilities to establish a broad network of compromised infrastructure, according to a warning published June 7, 2022 by the Cybersecurity & Infrastructure Security Agency (CISA). These actors are using that network to exploit network service providers and other public and private sector organizations worldwide.
PRC state-sponsored cyber actors exploit vulnerabilities to compromise unpatched network devices, according to CISA. These devices serve as access points to route command and control (C2) traffic and act as midpoints to conduct network intrusions on various entities.
Several vulnerabilities have provided PRC state-sponsored cyber actors with the ability to exploit and gain access to myriad network devices over the past few years, CISA pointed out. Meanwhile, many organizations did not patch their network device software regularly during this period, resulting in data breaches.
How to Protect Against PRC State-Sponsored Cyber Actors
CISA and other government agencies are urging organizations to apply the following mitigations to guard against PRC state-sponsored cyber actors:
- Update and patch systems regularly.
- Immediately remove any devices that may be compromised from the network and isolate them.
- Segment networks to limit or stop lateral movement.
- Deactivate unused or unnecessary network services, ports, protocols and devices.
- Enforce multi-factor authentication (MFA) for all end-users and on all virtual private network (VPN) connections.
- Implement strict password requirements.
- Back up sensitive data regularly.
- Isolate internet-facing services in a network demilitarized zone (DMZ) to limit an internal network’s exposure to cyber threats.
- Log internet-facing services and monitor logs for indicators of compromise.
- Set up dedicated management systems and accounts for system administrators.
- Log and review access to network infrastructure, configuration changes and critical infrastructure services.
PRC state-sponsored cyber actors are evolving and adapting their tactics to bypass security tools, CISA noted. As such, organizations must remain proactive to keep pace with these actors.