PRC State-Sponsored Actors Compromise and Maintain Persisten... - vulnerability database

attack.mitre.org/versions/v14/techniques/T1082/

attack.mitre.org/software/S0357/

attack.mitre.org/techniques/T1090/

attack.mitre.org/techniques/T1090/001/

attack.mitre.org/versions/v14/matrices/enterprise/

attack.mitre.org/versions/v14/software/S0002/

attack.mitre.org/versions/v14/tactics/TA0001/

attack.mitre.org/versions/v14/tactics/TA0003/

attack.mitre.org/versions/v14/tactics/TA0005/

attack.mitre.org/versions/v14/tactics/TA0008/

attack.mitre.org/versions/v14/tactics/TA0009/

attack.mitre.org/versions/v14/tactics/TA0010/

attack.mitre.org/versions/v14/tactics/TA0043/

attack.mitre.org/versions/v14/techniques/T1003/001/

attack.mitre.org/versions/v14/techniques/T1003/003/

attack.mitre.org/versions/v14/techniques/T1006/

attack.mitre.org/versions/v14/techniques/T1007/

attack.mitre.org/versions/v14/techniques/T1010/

attack.mitre.org/versions/v14/techniques/T1012/

attack.mitre.org/versions/v14/techniques/T1016/

attack.mitre.org/versions/v14/techniques/T1016/001/

attack.mitre.org/versions/v14/techniques/T1021/001/

attack.mitre.org/versions/v14/techniques/T1021/007/

attack.mitre.org/versions/v14/techniques/T1027/002/

attack.mitre.org/versions/v14/techniques/T1033/

attack.mitre.org/versions/v14/techniques/T1036/005/

attack.mitre.org/versions/v14/techniques/T1046/

attack.mitre.org/versions/v14/techniques/T1047/

attack.mitre.org/versions/v14/techniques/T1048/

attack.mitre.org/versions/v14/techniques/T1057/

attack.mitre.org/versions/v14/techniques/T1059/

attack.mitre.org/versions/v14/techniques/T1059/001/

attack.mitre.org/versions/v14/techniques/T1059/004

attack.mitre.org/versions/v14/techniques/T1068/

attack.mitre.org/versions/v14/techniques/T1069/

attack.mitre.org/versions/v14/techniques/T1070/001/

attack.mitre.org/versions/v14/techniques/T1070/004/

attack.mitre.org/versions/v14/techniques/T1070/009/

attack.mitre.org/versions/v14/techniques/T1074/

attack.mitre.org/versions/v14/techniques/T1078/

attack.mitre.org/versions/v14/techniques/T1078/004/

attack.mitre.org/versions/v14/techniques/T1083/

attack.mitre.org/versions/v14/techniques/T1087/001/

attack.mitre.org/versions/v14/techniques/T1090/

attack.mitre.org/versions/v14/techniques/T1090/003/

attack.mitre.org/versions/v14/techniques/T1105/

attack.mitre.org/versions/v14/techniques/T1110/002/

attack.mitre.org/versions/v14/techniques/T1112

attack.mitre.org/versions/v14/techniques/T1113/

attack.mitre.org/versions/v14/techniques/T1120

attack.mitre.org/versions/v14/techniques/T1124/

attack.mitre.org/versions/v14/techniques/T1133/

attack.mitre.org/versions/v14/techniques/T1190/

attack.mitre.org/versions/v14/techniques/T1217/

attack.mitre.org/versions/v14/techniques/T1218/

attack.mitre.org/versions/v14/techniques/T1518

attack.mitre.org/versions/v14/techniques/T1550/

attack.mitre.org/versions/v14/techniques/T1552/

attack.mitre.org/versions/v14/techniques/T1552/004/

attack.mitre.org/versions/v14/techniques/T1555

attack.mitre.org/versions/v14/techniques/T1555/003/

attack.mitre.org/versions/v14/techniques/T1560/

attack.mitre.org/versions/v14/techniques/T1560/001/

attack.mitre.org/versions/v14/techniques/T1563/

attack.mitre.org/versions/v14/techniques/T1573/

attack.mitre.org/versions/v14/techniques/T1583/005/

attack.mitre.org/versions/v14/techniques/T1584/004/

attack.mitre.org/versions/v14/techniques/T1584/005/

attack.mitre.org/versions/v14/techniques/T1587/004/

attack.mitre.org/versions/v14/techniques/T1588/005/

attack.mitre.org/versions/v14/techniques/T1589/

attack.mitre.org/versions/v14/techniques/T1589/002/

attack.mitre.org/versions/v14/techniques/T1590/

attack.mitre.org/versions/v14/techniques/T1591/

attack.mitre.org/versions/v14/techniques/T1592/

attack.mitre.org/versions/v14/techniques/T1593/

attack.mitre.org/versions/v14/techniques/T1594/

attack.mitre.org/versions/v14/techniques/T1614/

attack.mitre.org/versions/v14/techniques/T1654/

blueprint.asd.gov.au/

fofa.info/

github.com/cisagov/Decider/

github.com/cisagov/ScubaGear

github.com/fatedier/frp

github.com/sandialabs/gait

learn.microsoft.com/en-us/microsoft-identity-manager/pam/tier-model-for-partitioning-administrative-privileges

learn.microsoft.com/en-us/security/privileged-access-workstations/privileged-access-devices

learn.microsoft.com/en-us/windows-server/security/group-managed-service-accounts/group-managed-service-accounts-overview

media.defense.gov/2020/Jul/23/2002462846/-1/-1/0/OT_ADVISORY-DUAL-OFFICIAL-20200722.PDF

media.defense.gov/2021/Apr/29/2002630479/-1/-1/0/CSA_STOP-MCA-AGAINST-OT_UOO13672321.PDF

media.defense.gov/2022/Jun/22/2003021689/-1/-1/0/CSI_KEEPING_POWERSHELL_SECURITY_MEASURES_TO_USE_AND_EMBRACE_20220622.PDF

nvd.nist.gov/vuln/detail/CVE-2022-42475

public.govdelivery.com/accounts/USDHSCISA/subscriber/new?topic_id=USDHSCISA_138

twitter.com/CISAgov

twitter.com/intent/tweet?text=PRC%20State-Sponsored%20Actors%20Compromise%20and%20Maintain%20Persistent%20Access%20to%20U.S.%20Critical%20Infrastructure+https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-038a

www.cisa.gov/cross-sector-cybersecurity-performance-goals

www.cisa.gov/cross-sector-cybersecurity-performance-goals#AssetInventory1A

www.cisa.gov/cross-sector-cybersecurity-performance-goals#BasicCybersecurityTraining2I

www.cisa.gov/cross-sector-cybersecurity-performance-goals#ChangingDefaultPasswords2A

www.cisa.gov/cross-sector-cybersecurity-performance-goals#DetectingRelevantThreatsandTTPs3A

www.cisa.gov/cross-sector-cybersecurity-performance-goals#LogCollection2T

www.cisa.gov/cross-sector-cybersecurity-performance-goals#MinimumPasswordStrength2B

www.cisa.gov/cross-sector-cybersecurity-performance-goals#MitigatingKnownVulnerabilities1E

www.cisa.gov/cross-sector-cybersecurity-performance-goals#NetworkSegmentation2F

www.cisa.gov/cross-sector-cybersecurity-performance-goals#OTCybersecurityTraining2J

www.cisa.gov/cross-sector-cybersecurity-performance-goals#PhishingResistantMultifactorAuthenticationMFA2H

www.cisa.gov/cross-sector-cybersecurity-performance-goals#RevokingCredentialsforDepartingEmployees2D

www.cisa.gov/cross-sector-cybersecurity-performance-goals#SecureLogStorage2U

www.cisa.gov/cross-sector-cybersecurity-performance-goals#SecureSensitiveData2L

www.cisa.gov/cross-sector-cybersecurity-performance-goals#SeparatingUserandPrivilegedAccounts2E

www.cisa.gov/cross-sector-cybersecurity-performance-goals#ThirdPartyValidationofCybersecurityControlEffectiveness1F

www.cisa.gov/cross-sector-cybersecurity-performance-goals#UniqueCredentials2C

www.cisa.gov/known-exploited-vulnerabilities-catalog

www.cisa.gov/news-events/alerts/2021/01/07/supply-chain-compromise

www.cisa.gov/news-events/analysis-reports/ar21-134a

www.cisa.gov/news-events/analysis-reports/ar24-038a

www.cisa.gov/news-events/cybersecurity-advisories/aa20-245a

www.cisa.gov/news-events/cybersecurity-advisories/aa23-144a

www.cisa.gov/news-events/news/best-practices-mitre-attckr-mapping

www.cisa.gov/resources-tools/resources/federal-government-cybersecurity-incident-and-vulnerability-response-playbooks

www.cisa.gov/resources-tools/resources/guide-securing-remote-access-software

www.cisa.gov/resources-tools/resources/identifying-and-mitigating-living-land-techniques

www.cisa.gov/resources-tools/resources/secure-by-design

www.cisa.gov/resources-tools/resources/secure-design-alert-security-design-improvements-soho-device-manufacturers

www.cisa.gov/resources-tools/resources/stopransomware-guide

www.cisa.gov/resources-tools/resources/water-and-wastewater-sector-incident-response-guide-0

www.cisa.gov/resources-tools/services/secure-cloud-business-applications-scuba-project

www.cisa.gov/resources-tools/services/secure-cloud-business-applications-scuba-project#:~:text=Microsoft%20365%20%26%20Google%20Workspace%20Baselines

www.cisa.gov/securebydesign

www.cisa.gov/topics/critical-infrastructure-security-and-resilience/critical-infrastructure-sectors/communications-sector

www.cisa.gov/topics/critical-infrastructure-security-and-resilience/critical-infrastructure-sectors/energy-sector

www.cisa.gov/topics/critical-infrastructure-security-and-resilience/critical-infrastructure-sectors/transportation-systems-sector

www.cisa.gov/topics/critical-infrastructure-security-and-resilience/critical-infrastructure-sectors/water-and-wastewater-sector

www.cisa.gov/topics/cyber-threats-and-advisories/advanced-persistent-threats/china

www.cyber.gov.au/

www.dhs.gov

www.dhs.gov/foia

www.dhs.gov/performance-financial-reports

www.facebook.com/CISA

www.facebook.com/sharer/sharer.php?u=https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-038a&title=PRC%20State-Sponsored%20Actors%20Compromise%20and%20Maintain%20Persistent%20Access%20to%20U.S.%20Critical%20Infrastructure

www.fbi.gov/contact-us/field-offices

www.instagram.com/cisagov

www.justice.gov/opa/pr/us-government-disrupts-botnet-peoples-republic-china-used-conceal-hacking-critical

www.linkedin.com/company/cybersecurity-and-infrastructure-security-agency

www.linkedin.com/sharing/share-offsite/?url=https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-038a

www.microsoft.com/en-us/security/blog/2023/05/24/volt-typhoon-targets-us-critical-infrastructure-with-living-off-the-land-techniques/

www.ncsc.gov.uk/section/about-this-website/contact-us

www.oig.dhs.gov/

www.secureworks.com/blog/chinese-cyberespionage-group-bronze-silhouette-targets-us-government-and-defense-organizations

www.surveymonkey.com/r/CISA-cyber-survey?product=https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-038a

www.usa.gov/

www.whitehouse.gov/

www.youtube.com/@cisagov

zeek.org/

mailto:?subject=PRC%20State-Sponsored%20Actors%20Compromise%20and%20Maintain%20Persistent%20Access%20to%20U.S.%20Critical%20Infrastructure&body=www.cisa.gov/news-events/cybersecurity-advisories/aa24-038a