The U.S. Cybersecurity & Infrastructure Security Agency (CISA) released guidelines for network engineers, defenders, and organizations with enterprise-grade networking equipment as part of its continuing investigation into the People’s Republic of China’s (PRC’s) massive cyber espionage campaign. While the agency has released general guidelines for increased visibility and hardening that apply to any network, it also had a section labeled ‘Cisco-Specific Guidance.’
According to the document, “authoring agencies have observed Cisco-specific features often being targeted by, and associated with, these PRC cyber threat actors’ activity.” Aside from the recommendations mentioned, CISA also linked to Cisco’s IOS XE Hardening Guide and Guide to Securing NX-OS Software Devices. This shows that the networking company is likely aware of its vulnerabilities and is taking steps to help protect its customers from those who need it without removing features that make it easier for others who don’t need more stringent security to use its products.
CISA acknowledges Cisco and Google Cloud Security in the guideline document, which shows how the private sector cooperates with the U.S. government to help protect its network systems. Furthermore, this warning isn’t limited to the U.S., as other cybersecurity and counter-espionage agencies from other allied countries, specifically Australia, Canada, and New Zealand, are also participating in the investigation that the U.S. is leading.
This warning was made about a month after the U.S. CISA announced that PRC-affiliated actors were targeting eight commercial telecommunications providers across the U.S., which was suspected to have started as far back as 2022. It said the attackers exfiltrated customer call records, compromised the private communications of some high-value targets in government and politics, and copied information related to U.S. court proceedings.
The good news is that these activities are seemingly bound to the existing weaknesses of the target infrastructure, which are known to the authorities and manufacturers of the affected devices, which seem to be mostly Cisco networking equipment. CISA says that you could secure your network and prevent being targeted by these threat actors by patching the affected devices and services and ensuring your environment by following its released guidelines.
