[CDP-development] FYSA - U.S. Government Releases Indictment and Several Advisories Detailing Chinese Cyber Threat Activity

ALBIN Cinnamon S * DAS Cinnamon.S.ALBIN at oregon.gov
Mon Jul 19 10:12:02 PDT 2021


For Your Situational Awareness (FYSA)


INTENDED FOR WIDEST DISTRIBUTION

Critical Infrastructure Partners,


As today's announcement <https://www.whitehouse.gov/briefing-room/statements-releases/2021/07/19/the-united-states-joined-by-allies-and-partners-attributes-malicious-cyber-activity-and-irresponsible-state-behavior-to-the-peoples-republic-of-china/> from the White House indicates, the cyber threat from the People's Republic of China (PRC) continues to evolve and poses a real risk to the nation's critical infrastructure, as well as businesses and organizations of all sizes at home and around the world. The Cybersecurity and Infrastructure Security Agency (CISA), in partnership with the National Security Agency (NSA) and the Federal Bureau of Investigation (FBI), published new advisories to help organizations assess and harden their networks against malicious Chinese state-sponsored cyber actors.

First, CISA, NSA, and FBI published a Joint Cybersecurity Advisory <https://us-cert.cisa.gov/ncas/alerts/aa21-200b> (CSA) to detail various Chinese state-sponsored cyber techniques used to target U.S. and Allied networks. This advisory, "Chinese State-Sponsored Cyber Operations: Observed TTPs", is a deep dive into the techniques used when targeting U.S. and Allied networks.

Second, CISA and FBI published a Joint Cybersecurity Advisory <https://us-cert.cisa.gov/ncas/alerts/aa21-200a> on a Chinese Advanced Persistent Threat (APT) group known in open-source reporting as APT40. This advisory provides APT40's tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help cybersecurity practitioners identify and remediate APT40 intrusions and established footholds. This accompanies action by the U.S. Department of Justice (DOJ) today with unsealing indictments <https://www.justice.gov/opa/pr/four-chinese-nationals-working-ministry-state-security-charged-global-computer-intrusion> against four APT40 cyber actors for their illicit computer network exploitation (CNE) activities via front company Hainan Xiandun Technology Development Company (Hainan Xiandun).

Third, "CISA Insights: Chinese Cyber Threat Overview for Leaders" <https://www.cisa.gov/publication/chinese-cyber-threat-overview-leaders> is a joint analysis from CISA, FBI, and NSA that provides recommendations to organizational public and private sector leadership to reduce the risk of cyber espionage and data theft from Chinese state-sponsored cyber actors. Chinese state-sponsored cyber actors aggressively target U.S. and Allied political, economic, military, educational, and critical infrastructure (CI) personnel and organizations to steal sensitive data, emerging and key technology, intellectual property, and personally identifiable information (PII).

CISA also encourages users and administrators to review the blog post, Safeguarding Critical Infrastructure against Threats from the People's Republic of China <https://www.cisa.gov/blog/2021/07/19/safeguarding-critical-infrastructure-against-threats-peoples-republic-china>, by CISA Executive Assistant Director Eric Goldstein and the China Cyber Threat Overview and Advisories <http://www.us-cert.cisa.gov/china> webpage.

CISA continues to work with our partners - both at home and abroad - to assess and identify malicious cyber activity by state-sponsored actors or criminals and provide the actionable information to our partners so they can protect their organization.

We encourage you to share this information widely.

Respectfully,

Cybersecurity and Infrastructure Security Agency
Department of Homeland Security
Sector.Partnership at CISA.DHS.GOV
