CISA and Partners Release Joint Advisory on Countering Chinese State-Sponsored Actors Compromise of Networks Worldwide to Feed Global Espionage Systems
WASHINGTON – Today, the Cybersecurity and Infrastructure Security Agency (CISA), in coordination with the National Security Agency (NSA), Federal Bureau of Investigation (FBI), and international partners, released a joint cybersecurity advisory detailing ongoing malicious activity by People’s Republic of China (PRC) state-sponsored Advanced Persistent Threat (APT) actors. The advisory warns of a deliberate and sustained campaign by these actors to gain long-term access to critical infrastructure networks around the world.
“CISA and our partners are committed to equipping critical infrastructure owners and operators with the intelligence and tools they need to defend against sophisticated cyber threats,” said Madhu Gottumukkala, Acting Director of CISA. “By exposing the tactics used by PRC state-sponsored actors and providing actionable guidance, we are helping organizations strengthen their defenses and protect the systems that underpin our national and economic security.”
“The FBI and our partners are committed to sharing threat intelligence and resources to counter PRC-sponsored cyber intrusions,” said Assistant Director Brett Leatherman of the FBI’s Cyber Division. “Our victim-centered approach keeps us focused on delivering intelligence and tools to those who need them most. PRC threat actors thrive in the shadows. Together with our government and private sector partners we defend the homeland by shining a light on their activity and undermining the tactics and infrastructure they rely on.”
The advisory outlines how Chinese state-sponsored actors are exploiting vulnerabilities in routers used by telecommunications providers and other infrastructure operators. These actors often take steps to evade detection and maintain persistent access, particularly across telecommunications, transportation, lodging, and military networks.
The advisory builds on previous reporting and incorporates updated threat intelligence from investigations conducted through July 2025. It also reflects overlapping indicators with industry reporting on Chinese state-sponsored threat groups such as Salt Typhoon, OPERATOR PANDA, RedMike, UNC5807, and GhostEmperor, among others.
The recommended mitigations in this joint advisory include patching known exploited vulnerabilities (KEVs), enabling centralized logging, and securing edge infrastructure. These steps are critical to reducing the risk of compromise and ensuring the resilience of systems that underpin national and economic security.
As this is a global threat, CISA and its partners strongly urge all organizations, especially those in critical infrastructure, to review the advisory, hunt for signs of compromise, and implement the recommended mitigations as soon as possible.
For more information, visit People's Republic of China Threat Overview and Advisories.
###
About CISA
As the nation’s cyber defense agency and national coordinator for critical infrastructure security, the Cybersecurity and Infrastructure Security Agency leads the national effort to understand, manage, and reduce risk to the digital and physical infrastructure Americans rely on every hour of every day.
Visit CISA.gov for more information and follow us on X, Facebook, LinkedIn, Instagram.