CISA, NSA, and FBI Issue Joint Cyber Advisory on People’s Republic of China State-Sponsored Cyber Actors Exploitation of Network Providers and Devices

The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Federal Bureau of Investigation (FBI) published a joint Cybersecurity Advisory about how the People’s Republic of China (PRC) state-sponsored cyber actors continue to exploit publicly known vulnerabilities in order to establish a broad infrastructure network. These actors use the network to exploit a wide variety of targets worldwide, including public and private sector organizations.

The advisory titled, “People’s Republic of China State-Sponsored Cyber Actors Exploit Network Providers and Devices,” details the targeting and compromise of major telecommunications companies and network service provider infrastructures and the top vulnerabilities—primarily Common Vulnerabilities and Exposures (CVEs)—associated with network devices routinely exploited by the cyber actors since 2020.

PRC state-sponsored cyber actors readily exploit vulnerabilities to compromise unpatched network devices, such as Small Office/Home Office (SOHO) routers and Network Attached Storage (NAS) devices, which serve as additional access points and act as midpoints to conduct network intrusions on other entities. These actors also used open-source tools for reconnaissance and vulnerability scanning for further investigation and exploitation and gain initial foothold into a telecommunications organization or network service provider.

Executives and leaders at organizations of all sizes should ensure their teams apply the available patches to their systems, disable unnecessary ports and protocols, replace end-of-life infrastructure, and implement a centralized patch management system. Read advisory for complete list of recommended mitigations.

NSA, CISA, and the FBI are urging U.S. and allied governments, critical infrastructure, and private industry organizations to review the advisory, be aware of the tactics and techniques, and apply the recommended mitigations. The advisory provides a list of the most commonly exploited devices and CVEs along with an appendix of recommended mitigations tailored to observed tactics and techniques used by PRC cyber actors.

CISA is posting information on our social media platforms. We appreciate you sharing this information and/or amplifying our social media with your community of followers.


Steve Lyddon
Protective Security Advisor, Region 5, Illinois
Cybersecurity and Infrastructure Security Agency
U.S. Department of Homeland Security
Cell:  217-299-3954 |