You are here

U.S. Government Releases Several Advisories on Chinese Cyber Threat Activity (Updated July 22, 2021)

U.S. Government Releases Several Advisories on Chinese Cyber Threat Activity (Updated July 22, 2021)

Created: Thursday, July 22, 2021 - 15:13
Categories:
Cybersecurity

July 21, 2021

The Cybersecurity and Infrastructure Security Agency (CISA) updated the Tactics, Techniques, and Procedures of Indicted APT40 Actors Associated with China’s MSS Hainan State Security Department advisory with a caveat providing clarification on the original indicators of compromise (page 7).

July 19, 2021

Today the U.S. government released several advisories describing malicious Chinese state-sponsored cyber activity that has been directed against U.S. and Allied entities, including critical infrastructure organizations. Relatedly, the White House issued a statement calling out China for a "pattern of irresponsible behavior in cyberspace" and the real risks it poses to critical infrastructure in the U.S. and around the world. It also formally attributed the campaign that exploited zero-day vulnerabilities in Microsoft Exchange Server disclosed in early March 2021 to Chinese state-sponsored cyber actors.

Advisories
The Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI) published the advisories to help organizations assess and harden their networks against malicious Chinese state-sponsored cyber actors. The advisories include:

Additionally, CISA encourages users and administrators to review the blog post, "Safeguarding Critical Infrastructure against Threats from the People’s Republic of China," by CISA Executive Assistant Director Eric Goldstein and its "China Cyber Threat Overview and Advisories" webpage.

Incident Reporting
WaterISAC encourages any members who have experienced malicious or suspicious activity related to the information contained in the advisories to email [email protected], call 866-H2O-ISAC, or use the online incident reporting form.