Countering Chinese State-Sponsored Actors Compromise of Networks Worldwide to Feed Global Espionage
Summary:
PRC government-backed cyber actors, employed by the Ministry of State Security (MSS) and People's Liberation Army (PLA), are conducting bulk compromises of global networks in order to facilitate a vast espionage system. These operators, which overlap with industry-tracked entities such as Salt Typhoon, OPERATOR PANDA, RedMike, UNC5807, and GhostEmperor, have been active since at least 2021. They cooperate with China-based entities such as Sichuan Juxinhe Network Technology Co. Ltd., Beijing Huanyu Tianqiong Information Technology Co., Ltd., and Sichuan Zhixin Ruijie Network Technology Co., Ltd., which sell cyber tools and services to PRC intelligence agencies.
- The full report is available at the link below; a PDF version is also available there:
https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-239a
Security Officer Comments:
The primary objectives are to steal confidential information from telecommunication providers, internet service providers (ISPs), governmental agencies, transport and hospitality industries, and military bases for purposes of monitoring individuals' communications, movements, and activities for strategic, economic, and military advantage.
- We uploaded the report to LevelBlue/OTX for our IT-ISAC group. It is available here: https://otx.alienvault.com/pulse/68af4fb1c44c62e31eb1b4df
Suggested Corrections:
Network defenders should implement robust network monitoring, patch management, and multifactor authentication (MFA) to mitigate risks from PRC state-sponsored cyber actors, alongside adopting zero-trust architectures and advanced endpoint detection and response (EDR) solutions to protect critical infrastructure.
Link(s):
https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-239a