Current and former US intelligence officials have expressed serious concern about the boldness and persistence of the cyber operations being used to infiltrate critical infrastructure networks. FBI Director Christopher Wray stated that the cyber threat posed by the Chinese government is immense. Analysts assess that there are strong indicators that recent Salt Typhoon activity may be linked to China's Ministry of State Security, particularly APT40 (also tracked as Gingham Typhoon), a group known for its expertise in intelligence collection. Recent federal agency alerts on PRC state-sponsored campaigns indicate that the objective has expanded beyond surveillance alone to establishing offensive capabilities that could be used to disrupt critical US civilian and military infrastructure.
Recommendations
- Critical infrastructure administrators are encouraged to review analyses of recent state-sponsored cyber threat activity and apply the recommended mitigations before they are targeted.
- Keep systems up to date and apply patches after appropriate testing.
- Utilize monitoring and detection solutions to identify suspicious login attempts and user behavior, such as repeated failures against many accounts from one source, logins at unusual hours or from unexpected locations, and successful logins that immediately follow a burst of failures.
- Enforce the principle of least privilege, disable unused ports and services, and use web application firewalls (WAFs).
- Use strong, unique passwords for all accounts and enable MFA wherever available, choosing authenticator apps or hardware tokens over SMS text-based codes, which can be intercepted or redirected through SIM swapping.
- Maintain a comprehensive, regularly tested data backup plan, and ensure operational technology (OT) environments are segmented from information technology (IT) environments so that a compromise of the corporate network does not provide a direct path to control systems.
- Report cyber incidents to the FBI's IC3 and the NJCCIC.
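As an added illustration of the monitoring recommendation above (this is example code written for this page, not tooling from the advisory or from any agency it cites), the script below scans sshd-style authentication log lines for two of the login patterns worth alerting on: one source attempting many different accounts (password spraying) and a successful login from a source that had just failed repeatedly. The log lines are constructed for the example, and the two thresholds are assumptions that a real deployment would tune and apply within a time window.

```python
"""Added example, not from the original advisory: flag suspicious login
patterns in sshd-style authentication logs.

Two findings are produced:
  * "spraying": a source IP whose failed attempts span many distinct accounts.
  * "success_after_failures": an accepted login from a source IP that had
    accumulated several failures since its last success.
"""
import re
from collections import defaultdict

# Constructed sample log lines (syslog/sshd format); not real data.
SAMPLE_LOG = """\
Jan 12 03:14:01 bastion sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Jan 12 03:14:03 bastion sshd[2203]: Failed password for invalid user scada from 203.0.113.7 port 51030 ssh2
Jan 12 03:14:05 bastion sshd[2205]: Failed password for operator from 203.0.113.7 port 51041 ssh2
Jan 12 03:14:08 bastion sshd[2207]: Failed password for backup from 203.0.113.7 port 51055 ssh2
Jan 12 03:14:10 bastion sshd[2209]: Failed password for invalid user root from 203.0.113.7 port 51060 ssh2
Jan 12 03:14:12 bastion sshd[2211]: Failed password for hmi from 203.0.113.7 port 51071 ssh2
Jan 12 03:14:20 bastion sshd[2213]: Accepted password for hmi from 203.0.113.7 port 51088 ssh2
Jan 12 08:00:02 bastion sshd[2301]: Accepted publickey for jsmith from 198.51.100.24 port 40012 ssh2
Jan 12 08:05:44 bastion sshd[2310]: Failed password for jsmith from 198.51.100.24 port 40020 ssh2
Jan 12 08:05:50 bastion sshd[2312]: Accepted password for jsmith from 198.51.100.24 port 40025 ssh2
"""

# Matches both "Failed password for invalid user X from IP" and
# "Accepted publickey for X from IP" forms emitted by OpenSSH.
LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) (?P<method>\w+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)

# Assumed thresholds for this example; tune per environment.
SPRAY_MIN_USERS = 5   # distinct accounts failed from one source IP
BRUTE_MIN_FAILS = 3   # failures from one IP before a success is suspicious


def parse_events(text):
    """Return a list of dicts (result, method, user, ip) in log order."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            events.append(m.groupdict())
    return events


def analyze(events):
    """Walk events in order and return the two finding types."""
    failed_users = defaultdict(set)   # ip -> accounts that failed
    fails_since_success = defaultdict(int)
    success_after_failures = []

    for ev in events:
        ip, user = ev["ip"], ev["user"]
        if ev["result"] == "Failed":
            failed_users[ip].add(user)
            fails_since_success[ip] += 1
        else:  # Accepted
            if fails_since_success[ip] >= BRUTE_MIN_FAILS:
                success_after_failures.append((ip, user, fails_since_success[ip]))
            fails_since_success[ip] = 0

    spraying = {
        ip: sorted(users)
        for ip, users in failed_users.items()
        if len(users) >= SPRAY_MIN_USERS
    }
    return {"spraying": spraying, "success_after_failures": success_after_failures}


if __name__ == "__main__":
    findings = analyze(parse_events(SAMPLE_LOG))
    for ip, users in findings["spraying"].items():
        print(f"ALERT spraying from {ip}: {len(users)} accounts tried {users}")
    for ip, user, n in findings["success_after_failures"]:
        print(f"ALERT {ip} logged in as {user} after {n} failures")
```

In the sample data, 203.0.113.7 tries six accounts and then succeeds as `hmi`, so both alerts fire for it, while 198.51.100.24 (one typo followed by a key-based login) stays quiet. The detector deliberately counts only failures since the last success rather than over all time; pairing it with a sliding time window and with the account-lockout and MFA controls listed above is what turns an alert into a blocked intrusion.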
