CISA/FBI/NSA PRC network persistence mitigation advisory
Advisory/Mitigation
Summary
CISA, the FBI, and the NSA issued mitigation guidance for defenders facing PRC-linked actors that persist inside networks and move laterally through routers and authentication infrastructure. The advisory urges telecommunications, government, transportation, lodging, and defense organizations to prioritize protections after activity tied to Salt Typhoon and related APTs. The agencies say the actors have had success exploiting publicly known vulnerabilities and then modifying devices to maintain access. Defenders are told to monitor configuration changes, audit tunnels and services, hunt protocol patterns, check logs, and verify firmware and software integrity.
Related Happenings
CISA KEV directive for CVE-2026-20133
Public Sector Action
First: 21.04.2026 15:30
Last: 21.04.2026 15:30
Sources 1
About this happening:
On **Monday, April 21, 2026**, **CISA** added **CVE-2026-20133** to the **KEV Catalog** and ordered **FCEB agencies** to secure their networks by **Friday, April 24**. The directi...
CISA KEV listing and FCEB patch order for Ivanti EPMM
Public Sector Action
First: 08.04.2026 21:15
Last: 08.04.2026 21:15
Sources 1
About this happening:
**CISA** added **CVE-2026-1340** to the **KEV Catalog** and ordered **FCEB agencies** to patch **Ivanti Endpoint Manager Mobile (EPMM)** by **Saturday midnight, April 11**, forcin...
CISA April 7 Rockwell Automation/Allen-Bradley PLC mitigation advisory
Advisory/Mitigation
First: 08.04.2026 11:15
Last: 08.04.2026 11:15
Sources 1
About this happening:
**CISA** and authoring agencies issued **April 7** mitigation guidance for **internet-facing OT assets**, warning that **US critical infrastructure** operators using **Rockwell Au...
FBI/CISA joint advisory on PLC targeting
Public Sector Action
First: 07.04.2026 21:02
Last: 07.04.2026 21:02
Sources 1
About this happening:
The **FBI, CISA, NSA, EPA, DOE, and CNMF** issued a **joint advisory** warning U.S. critical-infrastructure defenders about **Internet-exposed Rockwell/Allen-Bradley PLCs**. The a...
CISA urges Intune hardening for U.S. organizations
Public Sector Action
First: 19.03.2026 13:02
Last: 19.03.2026 13:02
Sources 1
About this happening:
**CISA** urged **U.S. organizations** to harden **Microsoft Intune** and related endpoint management controls after the **Stryker** attack showed how those systems could be abused...
Timeline
- 28.08.2025 03:00 · 2 articles · 9mo ago
CISA, FBI, and NSA issue PRC network persistence advisory
Initial Disclosure
CISA, the FBI, the NSA, and partner governments issued a joint advisory warning that PRC-backed actors associated with Salt Typhoon are targeting telecommunications, government, transportation, lodging, and defense networks, often by exploiting publicly known flaws such as CVE-2024-21887, CVE-2024-3400, CVE-2023-20273, CVE-2023-20198, and CVE-2018-0171 to gain persistent access, modify routers and ACLs, and move laterally through authentication infrastructure. The guidance urges defenders to monitor network device configuration changes, audit tunnels and services, check logs, hunt actor-favored protocol patterns, and verify firmware and software integrity.
Sources:
- CISA, FBI, NSA Warn of Chinese 'Global Espionage System' — www.darkreading.com — 28.08.2025 23:10