Yesterday, US-CERT released an advisory on hackers affiliated with China’s Ministry of State Security (MSS) targeting government agencies and private companies through recent high-profile vulnerabilities for which open-source exploits are readily available. The vulnerabilities exploited include:
- CVE-2020-5902 – F5 Big-IP Vulnerability
- CVE-2019-19781 – Citrix Virtual Private Network (VPN) Appliances
- CVE-2019-11510 – Pulse Secure VPN Servers
- CVE-2020-0688 – Microsoft Exchange Server
After successful exploitation, the attackers download a variety of tools such as Cobalt Strike, the China Chopper web shell and Mimikatz. With these tools, the attackers can run scripts or commands on the compromised machines, modify or exfiltrate files, and dump Windows credentials for further compromise.