The UK’s National Cyber Security Centre (NCSC) and several other international security agencies have issued new advisories warning of Chinese cyber activity targeting critical US national infrastructure networks.
According to this document, associated actors from the People’s Republic of China (PRC) employed advanced tactics to evade detection while performing malicious activity. These tactics could also be used on critical infrastructure outside the United States.
Attackers gained initial access by exploiting public-facing applications, specifically Earthworm and PortProxy.
They then established a long-term presence using backdoored web servers with web shells, including Awen web shell variants, to ensure persistence and maintain control over compromised systems, using a variety of methods.
To evade detection, the attackers employed several defence evasion techniques, including deleting Windows event logs, system logs, and other technical artifacts.
The NCSC and other agencies in the United States, Australia, Canada, and New Zealand further added that attackers focused primarily on stealing credential access through brute force and password spray techniques.
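Two of the behaviours described above, clearing of Windows event logs and password spraying against many accounts, leave patterns that a defender can look for in logon and audit telemetry. The following is an added example (not part of the advisory or of this article) that runs two simple detections over a handful of constructed event records; the record layout, the source addresses and the thresholds are assumptions made for the illustration, while the Windows event IDs used (1102 and 104 for a cleared log, 4625 for a failed logon) are the standard ones.

```python
"""Detection sketch for two behaviours named in the advisory write-up:
clearing of Windows event logs and password-spray credential access.
Added example; the event records below are constructed, not real telemetry."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events in a simplified Windows-event shape.
# EventID 1102 = Security log cleared, 104 = System log cleared,
# 4625 = failed logon, 4624 = successful logon. Users and IPs are made up.
SAMPLE_EVENTS = [
    {"time": "2023-05-24T10:00:01", "event_id": 4625, "user": "alice", "src_ip": "10.0.0.5"},
    {"time": "2023-05-24T10:00:03", "event_id": 4625, "user": "bob", "src_ip": "10.0.0.5"},
    {"time": "2023-05-24T10:00:05", "event_id": 4625, "user": "carol", "src_ip": "10.0.0.5"},
    {"time": "2023-05-24T10:00:07", "event_id": 4625, "user": "dave", "src_ip": "10.0.0.5"},
    {"time": "2023-05-24T10:00:09", "event_id": 4625, "user": "erin", "src_ip": "10.0.0.5"},
    # A single user mistyping a password twice, then succeeding: benign noise.
    {"time": "2023-05-24T10:01:00", "event_id": 4625, "user": "alice", "src_ip": "10.0.0.9"},
    {"time": "2023-05-24T10:01:30", "event_id": 4625, "user": "alice", "src_ip": "10.0.0.9"},
    {"time": "2023-05-24T10:02:00", "event_id": 4624, "user": "alice", "src_ip": "10.0.0.9"},
    # Log clearing events; these should always be investigated.
    {"time": "2023-05-24T11:15:00", "event_id": 1102, "user": "SYSTEM", "src_ip": "-", "channel": "Security"},
    {"time": "2023-05-24T11:15:02", "event_id": 104, "user": "SYSTEM", "src_ip": "-", "channel": "System"},
]

LOG_CLEAR_IDS = {1102, 104}


def _ts(ev):
    return datetime.fromisoformat(ev["time"])


def detect_log_clearing(events):
    """Return every event that records a Windows event log being cleared."""
    return [ev for ev in events if ev["event_id"] in LOG_CLEAR_IDS]


def detect_password_spray(events, window=timedelta(minutes=5), min_accounts=4):
    """Flag source IPs whose failed logons span >= min_accounts distinct users
    inside a sliding time window. A spray is 'few guesses, many accounts', so
    the distinct-user count, not the raw failure count, is the signal.
    The window and threshold are illustrative; tune them to your environment."""
    failures = defaultdict(list)
    for ev in sorted(events, key=_ts):
        if ev["event_id"] == 4625:
            failures[ev["src_ip"]].append((_ts(ev), ev["user"]))

    findings = {}
    for src, attempts in failures.items():
        start = 0
        for end in range(len(attempts)):
            # Slide the window start forward until it fits inside `window`.
            while attempts[end][0] - attempts[start][0] > window:
                start += 1
            users = {u for _, u in attempts[start:end + 1]}
            # Keep the largest qualifying set of targeted users for this source.
            if len(users) >= min_accounts and len(users) > len(findings.get(src, ())):
                findings[src] = sorted(users)
    return findings


def run_detections(events=SAMPLE_EVENTS):
    """Run both detections and return their findings keyed by name."""
    return {
        "log_clearing": detect_log_clearing(events),
        "password_spray": detect_password_spray(events),
    }


if __name__ == "__main__":
    for name, result in run_detections().items():
        print(name, result)
```

On the constructed input, the spray detector reports 10.0.0.5 (five distinct accounts failing within seconds) and ignores 10.0.0.9 (one user, two failures, then a success), while both log-clearing events are surfaced. In practice the same logic would run over records pulled from a SIEM or from the Security and System channels directly.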
The group believed to be behind these attacks has been identified by Secureworks as the Bronze Silhouette and described in a separate advisory.
NCSC advisories provide network defenders with technical indicators and examples of techniques used by attackers to help identify malicious activity.
“It is vital that critical national infrastructure operators take steps to prevent attackers from infiltrating their systems, as set out in our joint recommendations with our international partners,” said NCSC Director of Operations Paul Chichester.
“We strongly encourage providers of essential services in the UK to follow our guidance to detect this malicious activity and prevent continued compromise.”
The NCSC worked with the National Security Agency (NSA), the US Cybersecurity and Infrastructure Security Agency (CISA), and the US Federal Bureau of Investigation (FBI) to develop this advisory.
The Australian Cyber Security Centre (ACSC) of the Australian Signals Directorate, the Canadian Cyber Security Centre (CCCS) of the Communications Security Facility, and the New Zealand National Cyber Security Centre (NCSC-NZ) also contributed to this report.
The document’s publication comes days after Trellix’s advisory warned of intensifying cyberwarfare activity between Taiwan and China.