Original release date: September 14, 2020

The Cybersecurity and Infrastructure Security Agency (CISA) has consistently observed Chinese Ministry of State Security (MSS)-affiliated cyber threat actors using publicly available information sources and common, well-known tactics, techniques, and procedures (TTPs) to target U.S. Government agencies. CISA has observed these—and other threat actors with varying degrees of skill—routinely using open-source information to plan and execute cyber operations. CISA leveraged the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) and Pre-ATT&CK frameworks to characterize the TTPs used by Chinese MSS-affiliated actors. This product was written by CISA with contributions by the Federal Bureau of Investigation (FBI).

Key Takeaways

  • Chinese MSS-affiliated cyber threat actors use open-source information to plan and conduct cyber operations.
  • Chinese MSS-affiliated cyber threat actors use readily available exploits and exploit toolkits to quickly engage target networks.
  • Maintaining a rigorous patching cycle continues to be the best defense against the most frequently used attacks.
  • If critical vulnerabilities remain unpatched, cyber threat actors can carry out attacks without the need to develop custom malware and exploits or use previously unknown vulnerabilities to target a network.
  • This Advisory identifies some of the more common—yet most effective—TTPs employed by cyber threat actors, including Chinese MSS-affiliated cyber threat actors.

This product is provided subject to this Notification and this Privacy & Use policy.