The Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC-UK), together with federal and international partners, have released a new cybersecurity advisory titled “Defending Against China-Nexus Covert Networks of Compromised Devices.” This advisory equips network defenders with vital tools and resources to combat the threat posed by Chinese government-linked threat actors’ use of covert networks of compromised devices.
“Working closely with U.S. and international partners, CISA continues to identify and warn organizations of Chinese state-sponsored cyber actors threatening critical infrastructure. This advisory informs organizations of how these actors are strategically using numerous, evolving covert networks at scale for malicious cyber activity,” said CISA Acting Director Nick Andersen. “CISA strongly encourages organizations to review and implement appropriate mitigation measures to defend their devices from this threat. Every day, CISA works to empower organizations with actionable information to strengthen their security and resilience against cyber threats.”
The advisory explains how attackers create hidden networks by taking advantage of weak devices, like those used at home or in small offices, as well as Internet of Things (IoT) gadgets. It also describes how groups such as Volt Typhoon and Flax Typhoon use large groups of hijacked devices, called botnets, to hide who they are and to carry out spying, break-ins, device control, and data theft.
The advisory gives cyber defenders comprehensive guidance to identify, baseline, and mitigate activity from dynamic and deniable covert networks, with the aim of reducing the risk of organizational compromise.
To strengthen defenses, CISA and partners advise organizations to:
- Map and understand network edge devices, developing a clear understanding of organizational assets and what should be connected to them.
- Baseline normal connections, especially to corporate VPNs or other similar services.
- Maintain log collection and storage solutions to assist with detecting and responding to unauthorized access attempts.
- Implement multifactor authentication for remote connections.
Visit CISA’s China Threat Overview and Advisories page for details on Chinese government-linked threat actors. For edge device security resources, see CISA’s Edge Device Security page.
This advisory is co-sealed by the Federal Bureau of Investigation, the National Security Agency, the Department of Defense Cyber Crime Center, and agencies from Australia, Canada, Germany, the Netherlands, New Zealand, Japan, Spain, and Sweden.



