CISA/NSA/FBI: U.S. Government Releases Indictment and Several Advisories Detailing Chinese Cyber Threat Activity


As today’s announcement from the White House indicates, the cyber threat from the People’s Republic of China (PRC) continues to evolve and poses a real risk to the nation’s critical infrastructure, as well as businesses and organizations of all sizes at home and around the world. The Cybersecurity and Infrastructure Security Agency (CISA), in partnership with the National Security Agency (NSA) and the Federal Bureau of Investigation (FBI), published new advisories to help organizations assess and harden their networks against malicious Chinese state-sponsored cyber actors.

First, CISA, NSA, and FBI published a Joint Cybersecurity Advisory (CSA) to detail various Chinese state-sponsored cyber techniques used to target U.S. and Allied networks. This advisory, “Chinese State-Sponsored Cyber Operations: Observed TTPs”, is a deep dive into the techniques used when targeting U.S. and Allied networks.

Second, CISA and FBI published a Joint Cybersecurity Advisory on a Chinese Advanced Persistent Threat (APT) group known in open-source reporting as APT40. This advisory provides APT40’s tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help cybersecurity practitioners identify and remediate APT40 intrusions and established footholds. This accompanies action by the U.S. Department of Justice (DOJ) today to unseal indictments against four APT40 cyber actors for their illicit computer network exploitation (CNE) activities via front company Hainan Xiandun Technology Development Company (Hainan Xiandun).

Third, “CISA Insights: Chinese Cyber Threat Overview for Leaders” is a joint analysis from CISA, FBI, and NSA that provides recommendations to organizational public and private sector leadership to reduce the risk of cyber espionage and data theft from Chinese state-sponsored cyber actors. Chinese state-sponsored cyber actors aggressively target U.S. and Allied political, economic, military, educational, and critical infrastructure (CI) personnel and organizations to steal sensitive data, emerging and key technology, intellectual property, and personally identifiable information (PII).

CISA also encourages users and administrators to review the blog post, Safeguarding Critical Infrastructure against Threats from the People’s Republic of China, by CISA Executive Assistant Director Eric Goldstein and the China Cyber Threat Overview and Advisories webpage.

CISA continues to work with our partners, both at home and abroad, to assess and identify malicious cyber activity by state-sponsored or criminal actors and to provide actionable information to our partners so they can protect their organizations.


Steve Lyddon
Protective Security Advisor, Region 5, Illinois
Cybersecurity and Infrastructure Security Agency
Cell: 217-299-3954