At first glance, last week's advisory from the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) on state-sponsored Chinese cyberattacks is nothing new. It outlines the tactics, techniques, and procedures the attackers use. And not every data center holds information that is of interest to the Chinese government.
But the report should be required reading for many, if not most, people who manage security on data center networks. That's because: A) the companies that could be affected go well beyond those of direct strategic interest to China; B) the report includes a list of specific indicators of compromise (IOCs) for this particular set of attackers, which can help inform a detection and response plan; and C) it includes both a set of recommended mitigations and contact information for the FBI and CISA offices working on this threat, which could be of assistance.
The document focuses on a Chinese state-sponsored group known as APT40 and names specific individuals: three Chinese intelligence officers and one employee of a front company. The group targeted organizations across a range of sectors, including academia, aerospace, biomedical, the defense industrial base, education, government, healthcare, manufacturing, maritime, research institutes, and transportation.