August 3, 2020
MAR-10292089-1.v2 – Chinese Remote Access Trojan: TAIDOOR
CISA, FBI, and DoD released a MAR describing Chinese government actors using malware variants in conjunction with proxy servers to maintain a presence on victim networks and to further network exploitation.
May 13, 2020
CISA and FBI Joint Public Service Announcement: People’s Republic of China (PRC) Targeting of COVID-19 Research Organizations
CISA and FBI issued a Public Service Announcement warning healthcare, pharmaceutical, and research sectors working on the COVID-19 response of likely targeting and attempted network compromise by the PRC.
February 2019
CISA Webinar: Chinese Cyber Activity Targeting Managed Service Providers
CISA Webinar Slide Deck: Chinese Cyber Activity Targeting Managed Service Providers
CISA provided a webinar on Chinese state-sponsored cyber actors targeting managed service providers (MSPs) and their customers. This campaign is referred to as CLOUD HOPPER.
October 3, 2018
CISA Alert: Advanced Persistent Threat Activity Exploiting Managed Service Providers
CISA Alert: Using Rigorous Credential Control to Mitigate Trusted Network Exploitation
These Alerts address the CLOUD HOPPER campaign. Since May 2016, APT actors have used various TTPs to attempt to infiltrate the networks of global MSPs for the purposes of cyber espionage and intellectual property theft. APT actors have targeted victims in several U.S. critical infrastructure sectors, including IT, Energy, Healthcare and Public Health, Communications, and Critical Manufacturing.
April 27, 2017
CISA Alert: Intrusions Affecting Multiple Victims Across Multiple Sectors
This Alert provides information on a campaign in which Chinese government cyber threat actors exploited trust relationships between IT service providers—such as MSPs and cloud service providers—and their customers. Chinese cyber actors associated with the Chinese MSS carried out a campaign of cyber-enabled theft targeting global technology service providers and their customers. The actors gained access to multiple U.S. and global IT service providers and their customers in an effort to steal the intellectual property and sensitive data of companies located in at least 12 countries.