On August 27, 2025, the Cybersecurity and Infrastructure Security Agency (CISA) issued a Cybersecurity Advisory entitled “Countering Chinese State-Sponsored Actors Compromise of Networks Worldwide to Feed Global Espionage System.” The Advisory warns that People’s Republic of China (PRC) sponsored advanced persistent threat (APT) actors “are targeting networks globally, including, but not limited to, telecommunications, government, transportation, lodging, and military infrastructure networks. While these actors focus on large backbone routers of major telecommunications providers, as well as provider edge (PE) and customer edge (CE) routers, they also leverage compromised devices and trusted connections to pivot into other networks.”
The Advisory warns that the threat actors have modified routers to “maintain persistent, long-term access to networks.” This is clearly in response to the Salt Typhoon intrusions into the telecommunications industry.
The Advisory was authored by numerous U.S. intelligence and national security agencies, as well as intelligence and security agencies in Australia, Canada, New Zealand, United Kingdom, Czech Republic, Finland, Germany, Italy, Japan, Netherlands, Poland, and Spain. “The authoring agencies strongly urge network defenders to hunt for malicious activity and to apply the mitigations in this CSA to reduce the threat of Chinese state-sponsored and other malicious cyber activity.”
The Advisory provides a downloadable list of indicators of compromise, information about technical details, persistence, lateral movement and collection, exfiltration and mitigations. Cybersecurity professionals may wish to consider reviewing the Advisory since it makes clear that APT actors will continue to target and compromise additional accounts and to perform lateral movement. The Advisory provides threat hunting guidance to critical infrastructure organizations, “especially telecommunications organizations.”
This weighty Advisory is well worth the read.
[View source.]
