Joint advisory on PRC state-sponsored actors compromising and maintaining persistent access to U.S. critical infrastructure and joint guidance on identifying and mitigating living off the land

The Canadian Centre for Cyber Security Cyber securityThe protection of digital information, as well as the integrity of the infrastructure housing and transmitting digital information. More specifically, cyber security includes the body of technologies, processes, practices and response and mitigation measures designed to protect networks, computers, programs and data from attack, damage or unauthorized access so as to ensure confidentiality, integrity and availability. (the Cyber Centre) has joined the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA) and the following international partners in releasing a cyber security advisory on PRC state-sponsored actors malicious cyber activity targeting critical infrastructure Critical infrastructureProcesses, systems, facilities, technologies, networks, assets, and services essential to the health, safety, security, or economic well-being of Canadians and the effective functioning of government. Critical infrastructure can be stand-alone or interconnected and interdependent within and across provinces, territories, and national borders. Disruptions of critical infrastructure could result in catastrophic loss of life, adverse economic effects, and significant harm to public confidence. using living off the land (LOTL) techniques:

  • Australian Cyber Security Centre (ACSC)
  • New Zealand National Cyber Security Centre (NCSC-NZ)
  • United Kingdom (UK) National Cyber Security Centre (NCSC-UK)

This joint cyber security advisory, PRC State-Sponsored Actors Compromise CompromiseThe intentional or unintentional disclosure of information, which adversely impacts its confidentiality, integrity, or availability. and Maintain Persistent Access to U.S. Critical Infrastructure, warns that PRC state-sponsored cyber actors are seeking to pre-position for disruptive or destructive cyber attacks against U.S. critical infrastructure in the event of a major crisis or conflict with the United States. CISA and the Cyber Centre have released this guidance alongside the ASCS and the NCSC-UK.

The Cyber Centre assesses that the direct threat to Canada's critical infrastructure from PRC state-sponsored actors is likely lower than that to U.S. infrastructure, but should U.S. infrastructure be disrupted, Canada would likely be affected as well, due to cross-border integration.

Accompanying guidance has also been released by CISA, NSA, ACSC, and NCSC-UK. Identifying and Mitigating Living Off the Land provides insight into techniques and common gaps in network defence capabilities.

Cyber threat Cyber threatA threat actor, using the internet, who takes advantage of a known vulnerability in a product for the purposes of exploiting a network and the information the network carries. actors leveraging LOTL abuse native tools and processes on systems. They use LOTL in multiple IT environments, including on-premises, cloud and hybrid. LOTL enables cyber threat actors to conduct their operations discreetly as they can camouflage activity with typical system and network behaviour, potentially circumventing basic endpoint security capabilities.

We are releasing this joint guidance for network defenders (including threat hunters) due to the identification of cyber threat actors, including the People’s Republic of China (PRC) and Russian Federation state-sponsored actors, using LOTL in compromised critical infrastructure organizations.

Read the joint guidance and advisory:

Date modified: