Reposted from CISA/DHS
The Cybersecurity and Infrastructure Security Agency (CISA) published Mobile Communications Best Practices Guidance which provides individuals, especially highly targeted individuals, with practices they can apply to their mobile communications to protect against exploitation by People’s Republic of China (PRC)-affiliated and other cyber threat actors. “Highly targeted” individuals are senior government or senior political figures who likely possess information of interest to these threat actors. Recently, PRC-affiliated actors were identified conducting cyber espionage activity targeting commercial telecommunications infrastructure. This activity enabled the theft of customer call records and the compromise of private communications for a limited number of highly targeted individuals. Communications infrastructure organizations were encouraged to strengthen their visibility and harden their network devices. Recommended actions in the mobile communications guidance for individuals to apply include end-to-end encryption, Fast Identity Online, password manager and Telco Personal Identification Number. The guidance also recommends individuals do not use personal virtual private network and migrate away from Short Message Service-based multifactor authentication. This guidance includes specific recommendations for iPhone and Android mobile devices. While no single solution eliminates all risks, implementing these best practices significantly enhances protection. CISA urges individuals, specifically highly targeted individuals, to immediately review and apply recommended best practices in this guidance.
See Original Post