This joint guidance for network defenders focuses on how to mitigate identified gaps and how to detect and hunt for living off the land (LOTL) activity. The information is derived from:
- a previously published joint advisory,
- incident response engagements undertaken by several of the authoring agencies,
- red team assessments by several of the authoring agencies using LOTL for undetected, persistent access, and
- collaborative efforts with industry.
Identifying and mitigating Living Off the Land (LOTL) techniques [PDF, 2.4 MB]
Authored by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), and the following agencies:
- U.S. Department of Energy (DOE)
- U.S. Environmental Protection Agency (EPA)
- U.S. Transportation Security Administration (TSA)
- Australian Signals Directorate’s (ASD’s) Australian Cyber Security Centre (ACSC)
- Canadian Centre for Cyber Security (Cyber Centre), a part of the Communications Security Establishment (CSE)
- United Kingdom National Cyber Security Centre (NCSC-UK)
- New Zealand National Cyber Security Centre (NCSC-NZ)
More information
PRC-sponsored Volt Typhoon activity and supplemental living off the land advice and guidance