Brian Sims
Editor
THE UK and agencies in the US, Australia, Canada and New Zealand have issued new advice designed to help organisations detect China state-sponsored activity being carried out against Critical National Infrastructure networks.
In the new joint advisory, the National Cyber Security Centre – itself a part of GCHQ – and a group of international partners highlight how recent activity has targeted networks across critical infrastructure sectors in the US and how the exact same techniques could well be applied worldwide.
The actor has been observed taking advantage of built-in network administration tools on targets’ systems in order to evade detection after an initial compromise.
The advisory provides technical indicators of compromise and examples of techniques deployed by the actor in a bid to help network defenders identify the malicious activity.
Paul Chichester, director of operations at the NCSC, observed: “It’s vital that the operators of Critical National Infrastructure take action to prevent attackers hiding on their systems. We strongly encourage providers of UK essential services to follow our guidance such that they can then detect this malicious activity and prevent persistent compromise.”
The advisory has been jointly issued by the NCSC, the US National Security Agency, the US Cyber Security and Infrastructure Security Agency, the US Federal Bureau of Investigation, the Australian Signals Directorate’s Australian Cyber Security Centre, the Communications Security Establishment’s Canadian Centre for Cyber Security and the New Zealand National Cyber Security Centre.
The advisory can be found by accessing the National Security Agency’s website.
For its part, the NCSC has published a range of guidance to help Critical National Infrastructure organisations protect themselves online. This includes the Cyber Assessment Framework, which is purpose-designed to help organisations effectively manage cyber risk.