People's Republic of China Cyber Threat

Report to CISA

CISA works to ensure U.S. critical infrastructure, government partners, and others have the information and guidance to defend themselves against People’s Republic of China (PRC) state-sponsored cybersecurity activity.

China remains the most active and persistent cyber threat to U.S. Government, private-sector, and critical infrastructure networks. If Beijing believed that a major conflict with the United States were imminent, it would consider aggressive cyber operations against U.S. critical infrastructure and military assets. Such a strike would be designed to deter U.S. military action by impeding U.S. decisionmaking, inducing societal panic, and interfering with the deployment of U.S. forces.-ODNI 2024 Threat Assessm

According to our joint advisory on PRC state-sponsored activity, PRC state-sponsored cyber actors are seeking to pre-position themselves on information technology (IT) networks for disruptive or destructive cyberattacks against U.S. critical infrastructure in the event of a major crisis or conflict with the United States:

CISA, the National Security Agency (NSA), and Federal Bureau of Investigation (FBI) have confirmed that the PRC state-sponsored cyber actors known as Volt Typhoon have compromised the IT environments of multiple critical infrastructure organizations.
- These organizations are primarily in the Communications, Energy, Transportation Systems, and Water and Wastewater Systems Sectors in the continental and non-continental United States and its territories, including Guam.
The choice of targets and pattern of behavior is not consistent with traditional cyber espionage or intelligence gathering operations.
CISA, NSA, and FBI assess with high confidence that Volt Typhoon actors are pre-positioning themselves on IT networks to enable lateral movement to operational technology assets to disrupt functions.

CISA Live! Event Recording "People's Republic of China Cyber Threats and What We Can Do"

This CISA Live! event was on one of the most significant threats to the U.S. critical infrastructure: People’s Republic of China-backed cyber threats.

ACCESS THE RECORDING

Abstract city landscape fading into glowing cyber lines

Living off the Land

This Advisory focuses on a set of techniques, called "living off the land," used by cyber actors to maintain anonymity within IT infrastructure by abusing tools already present in the environment such as PowerShell, WMI, and FTP clients. Also see the accompanying fact sheet.

View advisory

An image portraying a cybersecurity threat

CISA and Joint CISA Advisories

Review China-specific advisories here.

View advisories

Watch CISA Director Easterly Testify Before the House Select Committee on the CCP

CISA Director Easterly testifies during a January 31, 2024 congressional hearing on PRC state-sponsored cybersecurity threats.

Read Director Easterly's opening statement.

Watch the Video

Key Resources

Defending Against Nation-State Cyber Threats

Find more information on Nation-State adversaries and related resources.

CyberSentry Program

This threat detection and monitoring capability for IT and operational technology provides persistent visibility into adversary activity targeting critical infrastructure networks and can drive urgent mitigation where activity is identified.

Blogs

Blog: Under the Digital Radar: Defending Against People’s Republic of China’s Nation-State Cyber Threats to America’s Small Businesses

For years, CISA has worked to defend federal, state, local tribal, and territorial governments as well as our private sector partners from malicious cyber activities emanating from the People’s Republic of China.