Today we have released new guidance, alongside our international partners, to provide telecommunications providers and network defenders of communications infrastructure with best practices to strengthen their visibility and harden devices against PRC-affiliated and other malicious cyber actors.
Our US partners have observed these actors compromising networks of major global telecommunications providers. Actors have focused on large US internet backbone routers, such as provider edge and customer edge routers. The compromises and malicious activity target exposed and vulnerable services, unpatched devices, and under-secured environments.
Visibility is critical for network defenders, particularly when identifying and responding to incidents. We encourage organisations to have 'high visibility' networks – meaning network defenders have detailed insight into network traffic, user activity, and data flow. This allows network defenders to quickly identify threats, anomalous behaviour and vulnerabilities.
Organisations should also harden devices as a preventative 'defence-in-depth' strategy. Reducing vulnerabilities, adopting secure configuration practices, and applying best practices will limit potential entry points for cyber threat actors.
Read more about what you can do in the Enhanced Visibility and Hardening Guidance for Communications Infrastructure advisory.