Nation-State Cyber Actors
Report to CISA
Overview
Nation-state adversaries, including the People’s Republic of China, Russia, North Korea and Iran, pose an elevated threat to our national security. These adversaries are known for their Advanced Persistent Threat (APT) activity:
- The Chinese government—officially known as the People’s Republic of China (PRC)—engages in malicious cyber activities to pursue its national interests including infiltrating critical infrastructure networks.
- The Russian government engages in malicious cyber activities to enable broad-scope cyber espionage, to suppress certain social and political activity, to steal intellectual property, and to harm regional and international adversaries.
- The North Korean government—officially known as the Democratic People’s Republic of Korea (DPRK)—employs malicious cyber activity to collect intelligence, conduct attacks, and generate revenue.
- Iran has exercised its increasingly sophisticated cyber capabilities to suppress certain social and political activity, and to harm regional and international adversaries.
Advanced Persistent Threat actors are well-resourced and engage in sophisticated malicious cyber activity that is targeted and aimed at prolonged network/system intrusion. APT objectives could include espionage, data theft, and network/system disruption or destruction. Organizations within the cybersecurity community conducting APT research assign names/numbers to APTs upon discovery. Because more than one organization engages in APT research and there may be overlaps among APTs, there can be multiple names for a single APT. For examples of APT listings, see MITRE ATT&CK’s® Groups and Mandiant’s APT Groups.
CISA's Role
As the nation’s cyber defense agency and national coordinator for critical infrastructure security, CISA provides resources to help critical infrastructure and other stakeholders build resilience against APTs, including cybersecurity advisories written in coordination with interagency and international partners.
Key Resources
CISA provides the following resources that can greatly aid organizations in defending against APT activity:
Known Exploited Vulnerabilities Catalog
CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.
Secure by Design
It's time to build cybersecurity into the design and manufacture of technology products. Find out here what it means to be secure by design.
Shields Up!
Keep your Shields Up! to prepare for, respond to, and mitigate the impact of cyber-attacks. CISA is here to support you and your cybersecurity needs with expert resources, tools, and services to protect you from cyber threats.
Shields Ready
CISA stands ready to help America prepare for and adapt to changing risk conditions and withstand and recover rapidly from potential disruptions, regardless of cause.
Artificial Intelligence
CISA is particularly concerned about potential adversary use of AI to evade security controls and launch more damaging intrusions at scale.
Cyber Performance Goals (CPGs)
CPGs provide a baseline of fundamental cybersecurity practices organizations can implement to meaningfully reduce the likelihood and impact of APT activity.
Vulnerability Scanning Service
This free service sends subscriber organizations alerts when the service identifies vulnerabilities known to be exploited by APTs.
Cybersecurity Advisors
Regional CISA Cybersecurity Advisors advise, assist, and provide a variety of risk management and response services to critical infrastructure and SLTT organizations.
Cybersecurity Advisories
CISA regularly publishes Cybersecurity Advisories that cover:
-
APT tactics, techniques, and procedures, and
-
Specific mitigations to protect against these threats.
Report a Cyber Incident
To report anomalous cyber activity and or cyber incidents visit www.cisa.gov/report.