Generic coding language design with red background

People's Republic of China Cyber Threat

CISA works to ensure U.S. critical infrastructure, government partners, and others have the information and guidance to defend themselves against Chinese State-Sponsored cybersecurity risks.

Report to CISA

CISA works to ensure U.S. critical infrastructure, government partners, and others have the information and guidance to defend themselves against People’s Republic of China (PRC) state-sponsored cybersecurity activity. 

 

China remains the most active and persistent cyber threat to U.S. Government, private-sector, and critical infrastructure networks. If Beijing believed that a major conflict with the United States were imminent, it would consider aggressive cyber operations against U.S. critical infrastructure and military assets. Such a strike would be designed to deter U.S. military action by impeding U.S. decisionmaking, inducing societal panic, and interfering with the deployment of U.S. forces.-ODNI 2024 Threat Assessm

According to our joint advisory on PRC state-sponsored activity, PRC state-sponsored cyber actors are seeking to pre-position themselves on information technology (IT) networks for disruptive or destructive cyberattacks against U.S. critical infrastructure in the event of a major crisis or conflict with the United States:

  • CISA, the National Security Agency (NSA), and Federal Bureau of Investigation (FBI) have confirmed that the PRC state-sponsored cyber actors known as Volt Typhoon have compromised the IT environments of multiple critical infrastructure organizations.
    • These organizations are primarily in the Communications, Energy, Transportation Systems, and Water and Wastewater Systems Sectors in the continental and non-continental United States and its territories, including Guam.
  • The choice of targets and pattern of behavior is not consistent with traditional cyber espionage or intelligence-gathering operations.
  • CISA, NSA, and FBI assess with high confidence that Volt Typhoon actors are pre-positioning themselves on IT networks to enable lateral movement to operational technology assets to disrupt functions.

     
Abstract city landscape fading into glowing cyber lines

Living off the Land

This advisory focuses on a set of techniques, called "living off the land," used by cyber actors to maintain anonymity within IT infrastructure by abusing tools already present in the environment, such as PowerShell, WMI, and FTP clients. Also see the accompanying fact sheet

View advisory
An image portraying a cybersecurity threat

CISA and Joint CISA Advisories

Review China-specific advisories here.

View advisories

Key Resources

Advanced Persistent Threats

Defending Against Nation-State Cyber Threats

Find more information on nation-state adversaries and related resources.

a photo of cyber locks

CyberSentry Program

This threat detection and monitoring capability for IT and operational technology provides persistent visibility into adversary activity targeting critical infrastructure networks and can drive urgent mitigation where activity is identified.

Blogs

Blog Graphic

Blog: Under the Digital Radar: Defending Against People’s Republic of China’s Nation-State Cyber Threats to America’s Small Businesses

For years, CISA has worked to defend federal, state, local, tribal, and territorial governments as well as our private sector partners from malicious cyber activities emanating from the People’s Republic of China.