Today, CISA, the National Security Agency (NSA), Federal Bureau of Investigation (FBI), and other U.S. and international partners are issuing a joint fact sheet, People’s Republic of China State-Sponsored Cyber Activity: Actions for Critical Infrastructure Leaders. Partners of this publication include:
U.S. Department of Energy (DOE)
U.S. Environmental Protection Agency (EPA)
U.S. Transportation Security Administration (TSA)
U.S. Department of Treasury
Australian Signals Directorate’s (ASD’s) Australian Cyber Security Centre (ACSC)
Canadian Centre for Cyber Security (CCCS) a part of the Communications Security Establishment (CSE)
United Kingdom’s National Cyber Security Centre (NCSC-UK)
New Zealand’s National Cyber Security Centre (NCSC-NZ)
The U.S. authoring agencies assess that the PRC-sponsored advanced persistent threat group known as “Volt Typhoon” are seeking to pre-position themselves—using living off the land (LOTL) techniques—on IT networks for disruptive or destructive cyber activity against U.S. critical infrastructure in the event of a major crisis or conflict with the United States. The fact sheet warns critical infrastructure leaders of the urgent risk posed by Volt Typhoon and provides guidance on specific actions to prioritize the protection of their organization from this threat activity.
CISA and its partners strongly urge critical infrastructure organizations leaders to read the guidance provided in the joint fact sheet to defend against this threat. For more information on Volt Typhoon related activity, see PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure alongside supplemental Joint Guidance: Identifying and Mitigating Living off the Land Techniques. To learn more about secure by design principles and practices, visit Secure by Design.