CISA-led joint cybersecurity advisory on PRC state-sponsored activity

Public Sector Action
Happening score: 45
1 unique source, 1 article

Summary

CISA coordinated with NSA, FBI, and international partners to release a joint cybersecurity advisory on 2025-08-27. The guidance warns of a deliberate and sustained campaign by PRC state-sponsored APT actors seeking long-term access to critical infrastructure networks worldwide. It highlights exploitation of routers used by telecommunications and other infrastructure operators and the actors' efforts to evade detection and maintain persistent access. The advisory is intended to help defenders strengthen monitoring and apply mitigations such as KEV patching and centralized logging.

Related Happenings

CISA releases Venue Guide for dependency disruptions

Public Sector Action
First: 17.12.2025 14:00 Last: 17.12.2025 14:00 Sources 1

About this happening: **CISA** released the **Venue Guide for Mitigating Dependency Disruptions**, giving **stadium and arena owners/operators** a new resource to reduce the impact of dependency failur...

APT44 years-long Russian campaign targeting Western critical infrastructure

Campaign
First: 16.12.2025 14:27 Last: 16.12.2025 14:27 Sources 1

About this happening: A **years-long** Russian campaign by **APT44** targeted **Western critical infrastructure** from **2021 to 2025**, increasing the risk of credential theft and downstream network c...

Russian GRU critical infrastructure edge-device targeting campaign

Campaign
First: 16.12.2025 14:15 Last: 16.12.2025 14:15 Sources 1

About this happening: A Russian GRU-linked campaign targeted Western critical infrastructure and shifted in 2025 from exploiting vulnerabilities in products such as WatchGuard, Confluence, and Veeam to...

Latest development: 16.12.2025 22:13

The operation initially relied on **WatchGuard**, **Confluence**, and **Veeam** vulnerabilities for initial access, combining zero-days and known flaws. That foothold phase later gave way to targeting **misconfigured edge devices** with exposed management interfaces.

Pro-Russia hacktivist OT intrusion campaign against US critical infrastructure

Campaign
First: 10.12.2025 18:00 Last: 10.12.2025 18:00 Sources 1

About this happening: A coordinated **pro-Russia hacktivist** campaign is exploiting exposed **virtual network computing** connections and weak passwords to breach **operational technology (OT)** syste...

Pro-Russia hacktivist groups campaign expands across multiple victims

Campaign
First: 09.12.2025 14:00 Last: 09.12.2025 14:00 Sources 1

About this happening: A sustained **pro-Russia hacktivist** campaign is targeting **U.S. and global critical infrastructure**, raising disruption risk across **OT** and **SCADA** environments. The oper...

Timeline

  1. 27.08.2025 15:00 · 1 article · 9mo ago

    CISA-led advisory on PRC state-sponsored critical infrastructure targeting

    Industry Or Public Sector Update

    CISA, NSA, FBI, and international partners released a joint cybersecurity advisory warning that PRC state-sponsored APT actors are conducting a deliberate and sustained campaign to gain long-term access to critical infrastructure networks worldwide. The guidance says the actors are exploiting vulnerabilities in routers used by telecommunications providers and other infrastructure operators, evading detection, and maintaining persistent access across telecommunications, transportation, lodging, and military networks; it recommends patching known exploited vulnerabilities (KEVs), enabling centralized logging, and securing edge infrastructure.
