CISA, FBI, NSA Provide Tips For Countering China-Backed Cyber Threats

June 14, 2022 - The Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI) released a joint cybersecurity advisory containing tips for defending against China-backed cyber threats.

The agencies have observed People’s Republic of China state-sponsored cyber actors exploiting “publicly known vulnerabilities in order to establish a broad network of compromised infrastructure.”

The threat actors have targeted both public and private sector organizations around the world and have executed widespread campaigns leveraging common vulnerabilities and exposures (CVEs).

“Over the last few years, a series of high-severity vulnerabilities for network devices provided cyber actors with the ability to regularly exploit and gain access to vulnerable infrastructure devices,” the advisory explained.

“In addition, these devices are often overlooked by cyber defenders, who struggle to maintain and keep pace with routine software patching of Internet-facing services and endpoint devices.”

The government agencies recommended that critical infrastructure organizations keep products and systems patched, immediately remove, or isolate compromised devices, and segment networks to block lateral movement.

“Note that the tactics include disguising and routing malicious traffic through non-Chinese infrastructure so as to avoid suspicion, and that the Chinese government continues to exploit home routers, which is of significant concern in this era of the remote work environment,” John Riggi, national advisor for cybersecurity and risk at the American Hospital Association (AHA), explained in a separate statement.

“Remote access to sensitive patient data and medical research by off-site staff and third parties should be strictly limited and closely monitored.”

CISA’s alert highlighted multiple exploits targeted at telecommunications and network service provider organizations in particular. However, Riggi noted, the US government has observed Chinese state-sponsored cyber actors targeting the healthcare and public health sector in the past.

“According to previous U.S. government alerts, the Chinese intelligence services continue their aggressive pursuit of U.S. genetic data and medical research, including that related to precision medicine and infectious diseases,” Riggi continued.

“Patching of the identified vulnerabilities related to Chinese espionage campaigns should be implemented as soon as possible."

Since unpatched devices can serve as network entry points for cyber threat actors, implementing comprehensive patch management systems and protocols is crucial to maintaining enterprise-wide cybersecurity.