CISA Alert AA23-144A – People's Republic of China state-sponsored cyber actor living off the land to evade detection.

Cybersecurity authorities are issuing this joint Cybersecurity Advisory to highlight a recent cluster of activity associated with a People’s Republic of China state-sponsored cyber actor, also known as Volt Typhoon. 

AA23-144A Alert, Technical Details, and Mitigations

Active Directory and domain controller hardening: Best Practices for Securing Active Directory | Microsoft Learn

CISA regional cyber threats: China Cyber Threat Overview and Advisories

Microsoft Threat Intelligence blog: Volt Typhoon targets US critical infrastructure with living-off-the-land techniques | Microsoft Security Blog

No-cost cyber hygiene services: Cyber Hygiene Services and Ransomware Readiness Assessment.

U.S. DIB sector organizations may consider signing up for the NSA Cybersecurity Collaboration Center’s DIB Cybersecurity Service Offerings, including Protective Domain Name System services, vulnerability scanning, and threat intelligence collaboration for eligible organizations. For more information on how to enroll in these services, email dib_defense@cyber.nsa.gov 

To report incidents and anomalous activity or to request incident response resources or technical assistance related to these threats, contact CISA at report@cisa.gov, or call (888) 282-0870, or report incidents to your local FBI field office.