December 3, 2024

The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI) and international partners published today a joint guide, Enhanced Visibility and Hardening Guidance for Communications Infrastructure, that provides best practices to protect against a People’s Republic of China (PRC)-affiliated threat actor that has compromised networks of major global telecommunications providers. The recommended practices are for network engineers and defenders of communications infrastructure to strengthen visibility and harden network devices against this broad and significant cyber espionage campaign. 

CISA and FBI recently warned of this campaign. This guide recommends actions to quickly identify anomalous behavior, vulnerabilities and threats, and to respond to a cyber incident. It also guides organizations to reduce existing vulnerabilities, improve secure configuration habits, and limit potential entry points.

“The PRC-affiliated cyber activity poses a serious threat to critical infrastructure, government agencies, and businesses. This guide will help telecommunications and other organizations detect and prevent compromises by the PRC and other cyber actors,” said CISA Executive Assistant Director for Cybersecurity Jeff Greene. “Along with our US and international partners, we urge software manufacturers to incorporate Secure by Design principles into their development lifecycle to strengthen the security posture of their customers. Software manufacturers should review our Secure by Design resources and put their principles into practice.”

“Threat actors affiliated with the People’s Republic of China (PRC) are have targeted commercial telecommunications providers to compromise sensitive data and engage in cyber espionage,” said Assistant Director Bryan Vorndran of the FBI’s Cyber Division. “Together with our interagency partners, the FBI issued guidance to enhance the visibility of network defenders and to harden devices against PRC exploitation. We strongly encourage organizations to review and implement the recommended measures in this guide and to report suspicious activity to their local FBI field office.”

Although tailored to communications infrastructure sector, this guidance may also apply to organizations with on-premises enterprise equipment. CISA encourages all critical infrastructure organizations to implement security best practices.

For more information, visit CISA’s PRC Cyber Threat webpage.