The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), Canadian Cyber Security Centre (CCCS), and New Zealand’s National Cyber Security Centre (NCSC-NZ) have issued a joint publication warning about a widespread cyber espionage campaign by threat actors linked to the People’s Republic of China (PRC), who have targeted global telecommunications providers.
To mitigate this threat, the agencies released a guide for network engineers and defenders, focusing on improving network visibility and system hardening. Recommendations include robust monitoring for unauthorized changes, securing device configurations, and ensuring secure logging and traffic management. Network devices should be isolated with out-of-band management networks, and protocols like SSH v2 and TLS 1.3 should be used, while insecure services like Telnet should be disabled. Cisco Systems-specific advice includes disabling Smart Install and securing passwords. The agencies also encourage software manufacturers to adopt secure-by-design principles to reduce reliance on customer-implemented hardening.
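A minimal configuration audit for three of the recommendations above (Telnet disabled, SSH v2 enforced, Smart Install disabled), added here as an illustration and not taken from the agencies' guide. It assumes Cisco IOS syntax (`no vstack`, `ip ssh version 2`, `transport input`), treats Smart Install as enabled unless `no vstack` is present, and runs on constructed sample configurations.

```python
import re

# Constructed IOS-style configurations (not from a real device).
WEAK = """\
hostname edge-sw-01
ip ssh version 1
line vty 0 4
 transport input telnet ssh
line vty 5 15
 login local
end
"""
HARDENED = """\
hostname edge-sw-01
no vstack
ip ssh version 2
line vty 0 15
 transport input ssh
end
"""

def audit(config):
    """Return a list of findings for Smart Install, SSH version and Telnet."""
    lines = config.splitlines()
    findings = []
    # Assumption: Smart Install is on unless explicitly disabled.
    if not any(l.strip() == "no vstack" for l in lines):
        findings.append("smart-install: 'no vstack' not present")
    if not any(l.strip() == "ip ssh version 2" for l in lines):
        findings.append("ssh: 'ip ssh version 2' not set")
    block, transport = None, None
    for l in lines + ["!"]:  # sentinel closes the last vty block
        if block and l.startswith(" "):  # indented line inside a vty block
            m = re.match(r"\s+transport input (.+)", l)
            if m:
                transport = m.group(1).split()
            continue
        if block:  # block ended: evaluate what it allowed
            if transport is None:
                findings.append(f"{block}: no 'transport input' (default may allow Telnet)")
            elif {"telnet", "all"} & set(transport):
                findings.append(f"{block}: Telnet permitted")
            block, transport = None, None
        if l.startswith("line vty"):
            block = l.strip()
    return findings

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(cfg) or "no findings")
```
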
CISA is hosting an informational session on the new guidance, which will cover best practices for defending against PRC-affiliated threat actors who have compromised global telecommunications networks. The session will take place on Tuesday, 10 December, at 12:30 PM. To join, dial 800-857-6546 and use the passcode 1619522.