Redazione RHC : 29 August 2025 08:42
The United States and several allied countries have issued a joint warning about a growing cyber offensive conducted by actors sponsored by the People's Republic of China. According to a new joint Cybersecurity Advisory released by the FBI, CISA and NSA together with partner security agencies in Europe, Asia and other allied countries, PRC state-sponsored APT groups are compromising critical networks and infrastructure worldwide to feed a vast espionage system.
The operation is not limited to US cyberspace: targeted intrusions have also been reported in Canada, Australia, the United Kingdom, Germany, Japan and other partner countries, focused on government, transportation, telecommunications and other sectors vital to national security.
The actors involved, tracked under names such as Salt Typhoon, RedMike and GhostEmperor, do not stop at exploiting individual vulnerabilities: they also dig into network backbones, routers and edge devices, altering configurations and firmware to secure a long-lived, hard-to-detect foothold. These are long-term espionage campaigns aimed at stable, silent access to strategic communications that bypasses the controls and defensive systems of the targeted organizations.
The report paints an alarming technical picture: the intrusions rely on a combination of tactics and techniques mapped to the MITRE ATT&CK framework. The operators open services on non-standard ports, build GRE and IPsec tunnels to their own infrastructure, manipulate access control lists (ACLs) and, according to the advisory, even modify device firmware directly, all in order to maintain persistence on the compromised devices.
For initial access they exploit critical vulnerabilities that are already public and patched but still widespread on unpatched devices: these include flaws in Ivanti Connect Secure (CVE-2024-21887), Palo Alto Networks PAN-OS (CVE-2024-3400) and Cisco IOS XE (CVE-2023-20198 and CVE-2023-20273, a web UI authentication bypass and a command injection that were chained together, which is why disabling the HTTP/HTTPS server on exposed IOS XE devices is a standard mitigation).
The scope of the attacks is not that of isolated incidents but of a wide-ranging strategy aimed at covert control of technological backbones. A foothold on a backbone router lets attackers move laterally within networks, collect information and conduct industrial and political espionage without being detected promptly.
The document released by the partner agencies also offers a set of operational recommendations for network defenders: monitor device configurations for suspicious changes against a known-good baseline, conduct proactive threat hunting, patch promptly and apply rigorous incident response procedures. The authorities also stress that international collaboration and the adoption of shared protocols are essential to counter a threat that, given its scale and sophistication, cannot be addressed by individual states in isolation.
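As an added example of the configuration hunting the advisory recommends (this is not code from the advisory or from Red Hot Cyber), the script below parses Cisco IOS-style running-config text, diffs it against a known-good baseline, and flags the indicators named above: GRE/IPsec tunnels, SSH moved off port 22, an enabled web UI (the attack surface of the IOS XE chain) and ACL changes. The two configs embedded in it are constructed samples, not real device output; the addresses are documentation ranges.

```python
"""Config-drift hunt for router persistence indicators (added example)."""
import re
from dataclasses import dataclass

BLOCK_HEADERS = ("interface ", "line ", "ip access-list ", "router ")
SSH_PORT = re.compile(r"^ip ssh port (\d+)")
TUNNEL_MODE = re.compile(r"^tunnel mode (gre|ipsec)\b")
TUNNEL_DEST = re.compile(r"^tunnel destination (\S+)")

# Constructed sample configs: a clean baseline and the same device after
# changes resembling the advisory's indicators. Not real device output.
BASELINE_CONFIG = """\
hostname edge-rtr-01
!
interface GigabitEthernet0/0
 ip address 198.51.100.1 255.255.255.0
!
ip access-list extended MGMT-IN
 permit tcp 10.0.0.0 0.0.0.255 any eq 22
 deny ip any any log
!
line vty 0 4
 access-class MGMT-IN in
 transport input ssh
"""

CURRENT_CONFIG = """\
hostname edge-rtr-01
!
interface GigabitEthernet0/0
 ip address 198.51.100.1 255.255.255.0
!
interface Tunnel0
 ip address 172.31.255.1 255.255.255.252
 tunnel source GigabitEthernet0/0
 tunnel destination 203.0.113.77
 tunnel mode gre ip
!
ip access-list extended MGMT-IN
 permit tcp host 203.0.113.77 any eq 2222
 permit tcp 10.0.0.0 0.0.0.255 any eq 22
 deny ip any any log
!
ip ssh port 2222 rotary 1
ip http secure-server
!
line vty 0 4
 access-class MGMT-IN in
 transport input ssh
"""


@dataclass(frozen=True)
class Finding:
    section: str   # "global" or the block header, e.g. "interface Tunnel0"
    line: str      # offending line (the header itself for a whole new block)
    reason: str


def parse_sections(config: str) -> dict[str, list[str]]:
    """Split IOS-style config into {block header: [sub-commands]}; top-level
    commands that open no block are collected under "global"."""
    sections: dict[str, list[str]] = {"global": []}
    current = "global"
    for raw in config.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue
        if raw.startswith(" "):                      # indented: belongs to current block
            sections.setdefault(current, []).append(raw.strip())
            continue
        line = raw.strip()
        if line.startswith(BLOCK_HEADERS):
            current = line
            sections.setdefault(current, [])
        else:
            current = "global"
            sections["global"].append(line)
    return sections


def config_drift(baseline: str, current: str) -> list[Finding]:
    """Every block or line present now but absent from the baseline."""
    base = parse_sections(baseline)
    base_lines = {(sec, l) for sec, lines in base.items() for l in lines}
    findings = []
    for section, lines in parse_sections(current).items():
        if section not in base:
            findings.append(Finding(section, section, "new block not in baseline"))
            continue                                 # whole block is new; one finding
        for l in lines:
            if (section, l) not in base_lines:
                findings.append(Finding(section, l, "line not in baseline"))
    return findings


def indicators(config: str) -> list[Finding]:
    """Persistence indicators worth reviewing even without a baseline."""
    findings = []
    for section, lines in parse_sections(config).items():
        if section.startswith("interface Tunnel"):
            mode, dest = "gre", "?"                  # IOS tunnels default to GRE
            for l in lines:
                if m := TUNNEL_MODE.match(l):
                    mode = m.group(1)
                elif m := TUNNEL_DEST.match(l):
                    dest = m.group(1)
            findings.append(Finding(section, f"tunnel mode {mode}",
                                    f"{mode.upper()} tunnel to {dest}: confirm it is a known peer"))
        for l in lines:
            if section == "global":
                if (m := SSH_PORT.match(l)) and m.group(1) != "22":
                    findings.append(Finding(section, l, f"SSH on non-standard port {m.group(1)}"))
                elif l in ("ip http server", "ip http secure-server"):
                    findings.append(Finding(section, l, "web UI enabled: surface of the CVE-2023-20198/CVE-2023-20273 chain"))
            elif section.startswith("ip access-list") and l == "permit ip any any":
                findings.append(Finding(section, l, "ACL permits all traffic"))
    return findings


if __name__ == "__main__":
    for f in config_drift(BASELINE_CONFIG, CURRENT_CONFIG) + indicators(CURRENT_CONFIG):
        print(f"[{f.section}] {f.line}  <- {f.reason}")
```

Run against the samples, the drift check reports the new Tunnel0 block, the added ACL entry and the two new global commands, and the indicator rules independently flag the GRE tunnel to 203.0.113.77, SSH on port 2222 and the enabled web UI. Against real devices, feed it `show running-config` output captured out of band (not pulled through a path the attacker may control), and treat the baseline as the source of truth, since a modified running config is exactly what these actors leave behind.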
The publication of this joint warning demonstrates the growing concern over the expansion of China’s cyber offensive, now perceived as a direct challenge to global geopolitical balances.
The use of the Internet as a strategic tool for influence and control remains a decisive front in the confrontation between powers, with consequences that go beyond the technological level and affect national security, the economy, and the sovereignty of the countries involved.