CISA Releases TTPs of Chinese State-Sponsored Threat Actors

The Cybersecurity & Infrastructure Security Agency (CISA), in conjunction with other authoring and co-sealing agencies, has released a Cybersecurity Advisory (CSA) about Chinese state-sponsored threat actors. These threat actors are targeting networks globally, including but not limited to:
- Government
- Transportation
- Lodging
- Telecommunications
- Military infrastructure
Though the list is not exhaustive, the advisory also details the threat groups related to this activity:
- Salt Typhoon
- RedMike
- UNC5807
- OPERATOR PANDA
- GhostEmperor
The advisory warns that cybersecurity leaders should prioritize certain CVEs because they have a history of exploitation on exposed network edge devices, particularly by the threat actors mentioned above. The CVEs include:
- CVE-2024-21887
- CVE-2024-3400
- CVE-2023-20273
- CVE-2023-20198
- CVE-2018-0171
In order to target telecommunications and network service providers, the threat actors exploit infrastructure that has not been attributed to publicly known botnets or obfuscation network infrastructure. To ensure persistent access to victim networks, the threat actors utilize a range of tactics, many of which can obscure their source IP address in system logs.
Yet, the initial access vector is an information gap for CISA and the parties seeking to understand the scope, scale and impact of this activity.







