12:00am, 25 May 2023
TLP Rating:
PRC cyber actor targeting US critical infrastructure – guidance to assist detection
The National Cyber Security Centre (NCSC) has joined international partners in publishing a technical advisory to highlight malicious cyber activity associated with a People’s Republic of China (PRC) state-sponsored cyber actor.
Joint advisory: PRC state-sponsored cyber actor living off the land to evade detection [PDF, 723 KB]
What's happening
Systems affected
The activity has been observed affecting networks across critical infrastructure sectors in the United States. The techniques described could also be used to impact other sectors and regions.
What this means
One of the actor’s primary tactics, techniques, and procedures (TTPs) is living off the land, which uses a system’s built-in network administration tools to achieve malicious objectives while avoiding detection.
What to look for
How to tell if you're at risk
This advisory is intended to help New Zealand critical infrastructure operators and cyber defenders detect this activity. Organisations should review the TTPs described to assess potential exposure.
What to do
Prevention
The NCSC is using its own cyber defence resources, including its Malware Free Networks capability, to support efforts to detect and disrupt this activity.
If an organisation identifies malicious activity after reviewing this advisory, they should contact the National Cyber Security Centre.
More information
Joint advisory: PRC state-sponsored cyber actor living off the land to evade detection [PDF, 723 KB]
For queries related to this advisory, please contact: info@ncsc.govt.nz