The Canadian Centre for Cyber Security (Cyber Centre) has joined the United Kingdom’s National Cyber Security Centre (NCSC), UK industry and the following international partners in releasing a cyber security advisory on defending against People’s Republic of China (PRC)-linked covert networks.
- Australian Signals Directorate’s (ASD’s) Australian Cyber Security Centre (ACSC)
- Germany’s Federal Office for the Protection of the Constitution (BfV)
- Germany’s Federal Intelligence Service (BND)
- Germany’s Federal Office for Information Security (BSI)
- Japan’s National Cybersecurity Office (NCO)
- The Netherlands’ General Intelligence and Security Service (AIVD)
- The Netherlands’ Defence Intelligence and Security Service (MIVD)
- New Zealand’s National Cyber Security Centre (NCSC-NZ)
- Spain’s National Cryptologic Centre (CCN)
- Sweden’s National Cyber Security Centre (NCSC-SE)
- The United States’ Cybersecurity and Infrastructure Security Agency (CISA)
- The United States’ Department of Defense Cyber Crime Center (DC3)
- The United States’ Federal Bureau of Investigation (FBI)
- The United States’ National Security Agency (NSA)
Covert networks are often made up of vulnerable everyday Internet-connected edge devices that have been compromised. PRC-linked threat actors have shifted their tactics, techniques and procedures (TTPs) to leverage externally provisioned, large-scale networks of compromised devices to target critical sectors, steal sensitive data and maintain persistent access.
This joint advisory describes how covert networks used by PRC-linked threat actors are being created and maintained, externally, by Chinese information security companies. It provides insight into the TTPs threat actors use and offers comprehensive mitigation advice to help protect systems from malicious activity originating from covert networks.
The joint advisory also warns of a key issue for network defenders: indicator of compromise (IOC) extinction. This occurs when IOCs disappear as quickly as they are discovered and requires network defenders to deploy more adaptive, intelligence-driven measures to mitigate the risks.
Read the full joint guidance: International cyber agencies share fresh advice to defend against China-linked covert networks