The European Union Agency for Cybersecurity (ENISA) and CERT-EU warn of multiple China-linked threat actors targeting businesses and government organizations in the EU.
The joint report focus on cyber activities conducted by multiple Chinese Advanced Persistent Threat (APT) groups, including APT27, APT30, APT31, Ke3chang, GALLIUM and Mustang Panda.
“The EU Cybersecurity Agency (ENISA) and the CERT for the EU institutions, bodies and agencies (CERT-EU) would like to draw the attention of their respective audiences on particular Advanced Persistent Threats (APTs), known as APT27, APT30, APT31, Ke3chang, GALLIUM and Mustang Panda. These threat actors have been recently conducting malicious cyber activities against business and governments in the Union.” reads the joint report. “These threat actors present important and ongoing threats to the European Union. Recent operations pursued by these actors focused mainly on information theft, primarily via establishing persistent footholds within the network infrastructure of organisations of strategic relevance.”
The European agencies are calling for all public and private sector organisations in the EU to apply the recommendations provided in the alert. The alert urges organizations to improve their cybersecurity posture and increase their resilience to cyberattacks.
The alert provides recommendations for prevention, detection, and response.
To prevent such attacks the agencies recommend:
To detect malicious cyber activities, the European agencies recommend:
The report also provides recommendations to improve the response to the incident. Organizations are urged to create and maintain an incident response plan and assess the incident severity.
The document also includes an overview of the China-linked threat actors that are targeting EU organizations.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, Chinese APTs)