Several Chinese state-sponsored threat groups have been observed targeting businesses and governments in the European Union.
The claims come from a joint publication by the EU Agency for Cybersecurity (ENISA) and the Computer Emergency Response Team for the EU institutions, bodies and agencies (CERT-EU).
Published on Wednesday, the document names specific advanced persistent threat (APT) groups: APT27, APT30, APT31, Ke3chang, Gallium and Mustang Panda.
“On 19 July 2021, the EU has urged Chinese authorities to take actions against malicious cyber activities undertaken from their territory and linked to APT31,” reads the publication.
“These malicious cyber activities, which had significant effects, targeted government institutions and political organizations in the EU and Member States, as well as key European industries.”
The document adds that roughly a year later, Belgium also called upon Chinese authorities to take action against malicious cyber activities undertaken by Chinese actors.
“These threat actors present important and ongoing threats to the European Union,” ENISA and CERT-EU wrote. “Recent operations pursued by these actors focused mainly on information theft, primarily via establishing persistent footholds within the network infrastructure of organizations of strategic relevance.”
To defend against these and similar threat actors, the European agencies said defenders should follow guidelines provided in the joint publication as well as the cybersecurity mitigation measures against critical threats compiled by CERT-EU.
These measures include following vendors’ best practices for hardening products, managing admin accounts and critical assets, and ensuring proper access controls for end users and external third-party contractors.
“ENISA and CERT-EU call for all public and private sector organizations in the EU to apply the recommendations included in this document in a consistent and systematic manner,” reads the publication.
“These recommendations aim to reduce the risk of being compromised by the mentioned APTs, as well as substantially improve the cybersecurity posture and enhance the overall resilience of these organizations against cyberattack.”
The joint advisory comes days after Chinese threat actor DEV-0147 was spotted targeting diplomatic entities in South America.
Source: Alessandro Mascellino