Today, CISA, in partnership with the National Security Agency (NSA), the FBI, and international partners, released “Enhanced Visibility and Hardening Guidance for Communications Infrastructure” to provide best practices to protect against a People’s Republic of China (PRC)-affiliated threat actor that has compromised networks of major global telecommunications providers.

As WaterISAC previously reported, a threat actor associated with the PRC, Salt Typhoon, reportedly infiltrated backdoors in major telecommunication companies such as Verizon and AT&T to conduct espionage on law enforcement’s wiretapping requests and potentially exfiltrate data. The authoring agencies stress that the recommended practices found in the document will help strengthen visibility and harden network devices against this broad and significant cyber espionage campaign.

CISA and FBI recently warned of this campaign and this guide provides recommended actions to quickly identify anomalous behavior, vulnerabilities and threats, and to respond to a cyber incident. It also guides organizations to reduce existing vulnerabilities, improve secure configuration habits, and limit potential entry points. Although the document is geared towards the communications infrastructure sector, the authoring agencies encourage organizations to review and implement recommended actions in this guide. Members can visit CISA’s People's Republic of China Cyber Threat webpage to learn more about this cyber threat. Access the guide at CISA.