CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 9.9 High
Confidence: High

CVSS2: 7.5 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.419 Medium
Percentile: 97.3%