Joint guidance on network intrusion threats from PRC state-sponsored cyber group

The Canadian Centre for Cyber Security (Cyber Centre) has joined the Australian Signals Directorate’s Australian Cyber Security Centre and the following international partners in releasing joint guidance to highlight and safeguard against an ongoing network intrusion threat from a cyber group associated with the People’s Republic of China (PRC) Ministry of State Security (MSS):

  • the United States Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Federal Bureau of Investigation (FBI)
  • the United Kingdom National Cyber Security Centre (NCSC-UK)
  • the New Zealand National Cyber Security Centre (NCSC-NZ)
  • the German Federal Intelligence Service (BND) and Federal Office for the Protection of the Constitution (BfV)
  • the Republic of Korea’s National Intelligence Service (NIS) and the NIS’s National Cyber Security Center
  • Japan’s National Center of Incident Readiness and Strategy for Cybersecurity (NISC) and National Police Agency (NPA)

The state-sponsored cyber group seeks to target government and private sector networks by:

  • exploiting vulnerable devices that are at the end of their life cycle, unpatched or no longer maintained
  • exploiting new public vulnerabilities in widely used software
  • using compromised devices as launching points to conduct attacks designed to blend in with legitimate network traffic

The joint guidance shares information and mitigation measures, as well as case studies that demonstrate the cyber group’s tools and tradecraft.

Organizations should safeguard against network intrusion threats by:

  • maintaining comprehensive and historical logging information
  • issuing prompt patches for all Internet-connected devices and services
  • segmenting networks and enforcing strict access control measures, particularly for Active Directory and authentication servers

Additional mitigation measures to protect against this and similar network intrusion threats include:

  • disabling unused or unnecessary network services, ports and protocols
  • using firewalls to protect web servers and applications
  • implementing multi-factor authentication
  • replacing end-of-life equipment
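The mitigations above (patching, retiring end-of-life equipment, disabling unneeded services, and requiring multi-factor authentication) are easiest to enforce when they are checked against an inventory on a schedule. The following Python script is an added example and is not part of the joint guidance or the Cyber Centre's own tooling; the device records, per-role port allowlist and patch-age threshold are constructed for illustration. It walks an inventory and emits one finding per control a device fails, which is the kind of report a defender would feed into a ticketing queue.

```python
from __future__ import annotations

from collections import Counter
from dataclasses import dataclass
from datetime import date


@dataclass
class Device:
    """One inventory record. Field values below are constructed, not real hosts."""
    name: str
    role: str                   # hypothetical role label used to pick an allowlist
    eol: date | None            # vendor end-of-life date, None while still supported
    last_patch: date            # date the device last received vendor patches
    listening: dict[int, str]   # port -> service name observed listening
    mfa_enabled: bool           # administrative access requires MFA


# Hypothetical allowlist: the only ports each role is expected to expose.
# Anything else listening is reported as an unnecessary service.
ALLOWED_PORTS: dict[str, set[int]] = {
    "edge-router": {443},
    "web": {443},
    "ad-dc": {88, 389, 636, 445},
}

# Constructed sample inventory covering a stale edge device, a web server
# with an extra service, and a domain controller that passes every check.
INVENTORY = [
    Device("fw-edge-01", "edge-router", date(2023, 6, 30), date(2023, 1, 15),
           {443: "https-mgmt", 23: "telnet"}, mfa_enabled=False),
    Device("web-01", "web", None, date(2024, 8, 20),
           {443: "https", 22: "ssh"}, mfa_enabled=True),
    Device("dc-01", "ad-dc", None, date(2024, 8, 25),
           {88: "kerberos", 389: "ldap", 636: "ldaps", 445: "smb"}, mfa_enabled=True),
]


def audit(devices: list[Device], today: date, max_patch_age_days: int = 30) -> list[tuple[str, str, str]]:
    """Return (device, control, detail) findings for every failed control."""
    findings: list[tuple[str, str, str]] = []
    for d in devices:
        # Replace end-of-life equipment: the vendor no longer ships fixes.
        if d.eol is not None and d.eol <= today:
            findings.append((d.name, "end-of-life", f"EOL since {d.eol.isoformat()}; replace"))
        # Prompt patching: flag anything outside the patch window.
        age = (today - d.last_patch).days
        if age > max_patch_age_days:
            findings.append((d.name, "stale-patch", f"last patched {age} days ago"))
        # Disable unused services: report ports outside the role allowlist.
        allowed = ALLOWED_PORTS.get(d.role, set())
        for port in sorted(set(d.listening) - allowed):
            findings.append((d.name, "unneeded-service", f"{d.listening[port]} listening on {port}"))
        # Multi-factor authentication on administrative access.
        if not d.mfa_enabled:
            findings.append((d.name, "no-mfa", "administrative access lacks MFA"))
    return findings


def summarize(findings: list[tuple[str, str, str]]) -> dict[str, int]:
    """Count findings per control so the report can be prioritised."""
    return dict(Counter(control for _, control, _ in findings))


if __name__ == "__main__":
    results = audit(INVENTORY, today=date(2024, 9, 1))
    for name, control, detail in results:
        print(f"{name:12} {control:17} {detail}")
    print(summarize(results))
```

The patch-age threshold and allowlists are policy inputs; in practice they would come from the organisation's own standards rather than the literals shown here.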

Read the joint guidance: PRC MSS tradecraft in action.
