NSA Report Details the Extent and Effectiveness of PRC Exploitation of the Internet

Written by Geoff Halstead

Published on July 9, 2024

Reading time: 2 min.

The NSA released this week a comprehensive report with explicit details of the extent of the activity and ‘tradecraft’ of the APT40 unit of the PRC. This is just confirmation of what we already know – and was addressed by both FBI Director Christopher Wray and NSA Chief General Timothy Haugh in testimony to Congress this summer. But now all of the details of PRC activities and tradecraft are explicitly laid out.

The CSA (Cybersecurity Advisory) describes how APT40 can rapidly exploit new public vulnerabilities in widely used software. Additionally, the group has evolved its tradecraft and embraced a global trend to use compromised devices, including home office devices, as operational infrastructure. Other PRC state-sponsored actors are using the same techniques, posing a threat to networks worldwide.

Notably, APT40 possesses the capability to rapidly transform and adapt proof-of-concept (PoC) exploits for new vulnerabilities and immediately utilise them against target networks running the affected software or devices. APT40 regularly conducts reconnaissance against networks of interest, including networks in the authoring agencies’ countries, looking for opportunities to compromise its targets. This regular reconnaissance positions the group to identify vulnerable, end-of-life or no longer maintained devices on networks of interest, and to rapidly deploy exploits. APT40 continues to find success exploiting vulnerabilities from as early as 2017.

The level of detail and disclosure is in itself new and important. As Gary Miller, Faction Advisor and Founder of the Mobile Intelligence Alliance, puts it:

This is a big deal. We monitor APT40 spyware and the NSA posting this overview as an international multi-agency report is a significant milestone.

Faction’s Take: The Internet is NOT Safe

As we have said: The System is Blinking Red.

We entered a new era of cybersecurity over a decade ago, where it is not just criminal gangs that want your data. Three things have made this even worse in recent years:

  1. AI – gives even more power to the attackers, who are always three steps ahead.
  2. IoT – we are connecting all manner of critical devices and infrastructure to the Internet.
  3. Great Power Conflict – we are now dealing with hostile nation-state actors engaged in ongoing low-level cyberwarfare, while actively working and preparing to wreak havoc across our society and economy on a scale not seen before – should the need arise.

The assumptions upon which cybersecurity architectures have been designed rest on a ‘good enough’ approach that simply does not apply to the world we now live in. We need a fundamentally new approach built on a truly Zero Trust architecture. That is what Faction is dedicated to: it is critical, and the time for this to happen is well past.

Read the NSA Report:
