One significant tactic described in the advisory is the exploitation of publicly disclosed vulnerabilities within days of their disclosure, often in widely deployed products such as Pulse Secure, Apache, F5 BIG-IP, and Microsoft products. The advisory provides specific mitigations for the detailed tactics and techniques, aligned to the recently released, NSA-funded MITRE D3FEND framework.
General mitigations outlined include prompt patching; enhanced monitoring of network traffic, email, and endpoint systems; and the use of protection capabilities, such as antivirus software and strong authentication, to stop malicious activity.
The advisory is broken into three parts: an overview of this nation-state threat for executive decision-makers, a deep dive into the techniques used when targeting the U.S. and allied networks, and a table providing a visualization of the malicious activity for net defenders, mapped to the MITRE ATT&CK framework.
According to a press release:
Chinese state-sponsored cyber activity poses a major threat to U.S. and allied systems. These actors aggressively target political, economic, military, educational, and critical infrastructure personnel and organizations to access valuable, sensitive data. These cyber operations support China’s long-term economic and military objectives.
The information in this advisory builds on NSA’s previous release “Chinese State-Sponsored Actors Exploit Publicly Known Vulnerabilities.” The NSA, CISA, and FBI-recommended mitigations empower our customers to reduce the risk of Chinese malicious cyber activity and increase the defensive posture of their critical networks.
Read the full advisory for more information.