The National Cyber and Information Security Agency (NÚKIB) has joined the Joint Cyber Security Advisory issued by U.S. government security agencies and other international partners. The advisory highlights cyber actors sponsored by the People’s Republic of China (PRC) who compromise networks across the globe to establish long-term access and conduct espionage operations.
These activities partially overlap with the threat group most commonly tracked as Salt Typhoon. Incidents have been observed in the United States, Australia, Canada, New Zealand, the United Kingdom, Finland, and Poland. The Advanced Persistent Threat (APT) actors have been conducting malicious operations on a global scale since at least 2021. These operations have been linked to several PRC-based entities providing cybersecurity products and services to Chinese intelligence services (see full advisory for details). Data stolen through these operations can assist PRC intelligence in identifying and monitoring the communications and movements of their targets worldwide.
According to the findings, primary targets include telecommunications networks, transportation infrastructure, hospitality providers, and military systems. The actors focus on large backbone routers of major telecommunications service providers as well as provider edge (PE) and customer edge (CE) routers, leveraging compromised devices or trusted connections to gain further access into targeted networks. Frequently, the attackers modify routers to ensure persistent access.
The authors of the advisory urge network operators and security teams to actively hunt for malicious activity as described in the document and to implement the recommended mitigations.
The full text of the advisory is available here.
Celá zpráva
2025-08-27
