Countering Chinese State-Sponsored Actors Compromise of Networks Worldwide to Feed Global Espionage System
Aug. 28, 2025, 3:31 p.m.
Description
The CISA Cybersecurity Advisory AA25-239A, issued jointly by U.S. and international cybersecurity and intelligence agencies, highlights a global cyber espionage campaign conducted by Chinese state-sponsored threat actors. These Advanced Persistent Threat (APT) groups have been targeting network infrastructure across sectors such as telecommunications, government, military, and transportation by exploiting known vulnerabilities in edge and backbone routers. Their tactics include modifying router firmware for persistent access, leveraging trusted connections to move laterally within networks, and employing stealth techniques to evade detection. The advisory identifies overlaps with groups like Salt Typhoon and GhostEmperor, and provides detailed tactics, techniques, and procedures (TTPs) to support detection and mitigation efforts. It urges organizations to proactively hunt for malicious activity and implement recommended security measures to defend against these sophisticated, long-term threats.
Tags
Date
- Created: Aug. 28, 2025, 3:03 p.m.
- Published: Aug. 28, 2025, 3:03 p.m.
- Modified: Aug. 28, 2025, 3:31 p.m.
Indicators
- 5a62b764850d52e01eddf735a5768aae58408780
- 4802edc8a5a14e7f60b2266439cc517c39f7402f
- f2bbba1ea0f34b262f158ff31e00d39d89bbc471d04e8fca60a034cabe18e4f4
- da692ea0b7f24e31696f8b4fe8a130dbbe3c7c15cea6bde24cccc1fb0a73ae9e
- a1abc3d11c16ae83b9a7cf62ebe6d144dfc5e19b579a99bad062a9d31cf30bfe
- 8b448f47e36909f3a921b4ff803cf3a61985d8a10f0fe594b405b92ed0fc21f1
- 91.245.253.99
- 91.231.186.227
- 89.41.26.142
- 89.117.2.39
- 74.48.84.119
- 85.195.89.94
- 74.48.78.66
- 74.48.78.116
- 63.245.1.34
- 63.245.1.13
- 63.141.234.109
- 61.19.148.66
- 45.61.165.157
- 45.61.159.25
- 45.61.154.130
- 45.61.151.12
- 45.61.149.62
- 45.61.149.200
- 45.61.134.223
- 45.61.133.61
- 45.61.133.31
- 45.61.133.157
- 45.61.132.125
- 45.59.118.136
- 45.146.120.213
- 45.146.120.210
- 45.125.67.226
- 45.125.64.195
- 38.71.99.145
- 37.120.239.52
- 212.236.17.237
- 193.43.104.185
- 193.239.86.146
- 193.239.86.132
- 172.86.80.15
- 172.86.70.73
- 172.86.65.145
- 172.86.124.235
- 172.86.108.11
- 172.86.106.15
- 172.86.102.83
- 172.86.101.123
- 167.88.175.231
- 167.88.175.175
- 167.88.173.58
- 167.88.173.252
- 167.88.172.70
- 167.88.164.166
- 164.82.20.53
- 146.70.79.81
- 146.70.79.68
- 144.172.79.4
- 144.172.76.213
- 142.171.227.16
- 14.143.247.202
- 107.189.15.206
- 104.194.154.222
- 104.194.154.150
- 104.194.153.181
- 104.194.147.15
- 104.194.129.137
- 103.7.58.162
- 103.253.40.199
- 103.168.91.231
- 1.222.84.29
- 89.117.1.147
- 45.61.134.134
- 45.61.133.79
- 45.61.133.77
- 45.61.128.29
- 45.59.120.171
- 43.254.132.118
- 23.227.202.253
- 23.227.199.77
- 23.227.196.22
- 193.56.255.210
- 172.86.106.39
- 172.86.106.234
- 167.88.173.158
- 146.70.24.144
- 104.194.150.26
- 103.199.17.238
- 59.148.233.250
- 190.131.194.90
- 45.125.67.144
- 5.181.132.95
Attack Patterns
Additional Informations
- Government
- 2a10:1fc0:7::f19c
- 2001:41d0:700:65dc::f656
- New Zealand
- Australia
- Canada
- United Kingdom of Great Britain and Northern Ireland
- United States of America