The National Security Agency (NSA), in collaboration with U.S. and allied cybersecurity agencies, has issued a joint Cybersecurity Advisory (CSA) alerting organizations to ongoing campaigns by Chinese state-sponsored APT actors. These adversaries are actively targeting critical infrastructure networks, including the telecommunications, government, transportation, lodging, and military sectors, with advanced cyber espionage operations.
Chinese APT Actors Linked to State Entities
The advisory highlights that these Chinese APT actors, sometimes identified in the cybersecurity community under names such as Salt Typhoon, are directly linked to companies working with the Chinese Ministry of State Security (MSS) and the People’s Liberation Army (PLA). These companies include Sichuan Juxinhe Network Technology Co. Ltd., Beijing Huanyu Tianqiong Information Technology Co., Ltd., and Sichuan Zhixin Ruijie Network Technology Co., Ltd. These firms reportedly provide cyber capabilities that facilitate global espionage campaigns.
NSA Cybersecurity Advisory Details TTPs and Vulnerabilities
The newly released NSA cybersecurity advisory, “Countering Chinese State-Sponsored Actors Compromise of Networks Worldwide to Feed Global Espionage System,” provides in-depth analysis of the tactics, techniques, and procedures (TTPs) leveraged by attackers. These include methods for initial exploitation, persistence, collection, and data exfiltration.
Organizations are urged to review the advisory’s list of indicators of compromise (IOCs) and commonly exploited vulnerabilities (CVEs). By leveraging these references, defenders can strengthen their detection and response strategies against critical infrastructure cyber threats.
Guidance for Defenders of Critical Infrastructure
The joint report also delivers threat hunting guidance to help organizations identify hidden intrusions and prevent prolonged, undetected malicious activity on their networks. Critical infrastructure operators—particularly in telecom and government sectors—are encouraged to implement the recommended mitigations to reduce exposure to Chinese APT cyber campaigns.
One key recommendation is that organizations fully assess adversary access before initiating visible incident response actions. This strategy increases the likelihood of fully evicting threat actors rather than triggering adaptive countermeasures that allow them to remain in compromised environments.
Collective Defense Against State-Sponsored Cyber Threats
The NSA stresses that by following the outlined mitigations, organizations can not only defend their own networks but also contribute to broader collective defense efforts. Sharing compromise details with the appropriate authorities enhances global understanding of initial access vectors and helps strengthen resilience against state-sponsored cyber threats.
This advisory underscores the growing risk posed by Chinese state-sponsored APT actors and highlights the urgent need for critical infrastructure organizations to adopt a proactive security posture.
By Jennifer Ejim