Jump to content
  • US govt shares top flaws exploited by Chinese hackers since 2020

    alf9872000

    • 324 views
    • 3 minutes
     Share


    • 324 views
    • 3 minutes

    NSA, CISA, and the FBI revealed today the top security vulnerabilities most exploited by hackers backed by the People's Republic of China (PRC) to target government and critical infrastructure networks.

     

    The three federal agencies said in a joint advisory that Chinese-sponsored hackers are targeting U.S. and allied networks and tech companies to gain access to sensitive networks and steal intellectual property.

     

    "NSA, CISA, and FBI continue to assess PRC state-sponsored cyber activities as being one of the largest and most dynamic threats to U.S. government and civilian networks," the advisory says.

     

    "This joint CSA builds on previous NSA, CISA, and FBI reporting to inform federal and state, local, tribal and territorial (SLTT) government; critical infrastructure, including the Defense Industrial Base Sector; and private sector organizations about notable trends and persistent tactics, techniques, and procedures (TTPs)."

     

    The advisory also bundles recommended mitigations for each of the security flaws most exploited by Chinese threat actors, as well as detection methods and vulnerable technologies to help defenders spot and block incoming attack attempts.

     

    The following security vulnerabilities have been the top most exploited by Chinese-backed state hackers since 2020, according to the NSA, CISA, and the FBI.

     

    Vendor

    CVE

    Vulnerability Type

    Apache Log4j

    CVE-2021-44228

    Remote Code Execution

    Pulse Connect Secure

    CVE-2019-11510

    Arbitrary File Read

    GitLab CE/EE

    CVE-2021-22205

    Remote Code Execution

    Atlassian

    CVE-2022-26134

    Remote Code Execution

    Microsoft Exchange

    CVE-2021-26855

    Remote Code Execution

    F5 Big-IP

    CVE-2020-5902

    Remote Code Execution

    VMware vCenter Server

    CVE-2021-22005

    Arbitrary File Upload

    Citrix ADC

    CVE-2019-19781

    Path Traversal

    Cisco Hyperflex

    CVE-2021-1497

    Command Line Execution

    Buffalo WSR

    CVE-2021-20090

    Relative Path Traversal

    Atlassian Confluence Server and Data Center

    CVE-2021-26084

    Remote Code Execution

    Hikvision Webserver

    CVE-2021-36260

    Command Injection

    Sitecore XP

    CVE-2021-42237

    Remote Code Execution

    F5 Big-IP

    CVE-2022-1388

    Remote Code Execution

    Apache

    CVE-2022-24112

    Authentication Bypass by Spoofing

    ZOHO

    CVE-2021-40539

    Remote Code Execution

    Microsoft

    CVE-2021-26857

    Remote Code Execution

    Microsoft

    CVE-2021-26858

    Remote Code Execution

    Microsoft

    CVE-2021-27065

    Remote Code Execution

    Apache HTTP Server

    CVE-2021-41773

    Path Traversal

    Mitigation measures

    NSA, CISA, and FBI also urged U.S. and allied governments, critical infrastructure, and private sector orgs to apply the following mitigation measures to defend against Chinese-sponsored cyber-attacks.

     

    The three federal agencies advise organizations to apply security patches as soon as possible, use phishing-resistant multi-factor authentication (MFA) whenever possible, and replace end-of-life network infrastructure no longer receiving security patches.

     

    They also recommend moving towards the Zero Trust security model and enabling robust logging on internet-exposed services to detect attack attempts as soon as possible.

     

    Today's joint advisory follows two others that shared information on tactics, techniques, and procedures (TTPs) used by Chinese-backed threat groups (in 2021) and publicly known vulnerabilities they exploit in attacks (in 2020).

     

    In June, they also revealed that Chinese state hackers had compromised major telecommunications companies and network service providers to steal credentials and harvest data.

     

    On Tuesday, the U.S. Government also issued an alert about state-backed hackers stealing data from U.S. defense contractors using a custom CovalentStealer malware and the Impacket framework.

     

    • Like 2

    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...