Threat Watch

US Government Shares Top Flaws Exploited by Chinese Hackers Since 2020

The NSA, FBI, and CISA released a joint advisory identifying the top vulnerabilities most exploited by hackers backed by the People’s Republic of China (PRC). NSA, CISA, and FBI continue to assess PRC state-sponsored cyber activities as being one of the largest and most dynamic threats to U.S. government and civilian networks. PRC state-sponsored cyber actors continue to target government and critical infrastructure networks with an increasing array of new and adaptive techniques—some of which pose a significant risk to Information Technology Sector organizations (including telecommunications providers), Defense Industrial Base (DIB) Sector organizations, and other critical infrastructure organizations. PRC state-sponsored cyber actors continue to exploit known vulnerabilities and use publicly available tools to target networks of interest. NSA, CISA, and FBI assess PRC state-sponsored cyber actors have actively targeted U.S. and allied networks as well as software and hardware companies to steal intellectual property and develop access into sensitive networks. These state-sponsored actors continue to use virtual private networks (VPNs) to obfuscate their activities and target web-facing applications to establish initial access.

ANALYST NOTES

NSA, CISA, and FBI urge organizations to apply the recommendations below.
• Update and patch systems as soon as possible. Prioritize patching vulnerabilities identified in this CSA and other known exploited vulnerabilities.
• Utilize phishing-resistant multi-factor authentication whenever possible. Require all accounts with password logins to have strong, unique passwords, and change passwords immediately if there are indications that a password may have been compromised.
• Block obsolete or unused protocols at the network edge.
• Upgrade or replace end-of-life devices.
• Move toward the Zero Trust security model.
• Enable robust logging of Internet-facing systems and monitor the logs for anomalous activity.
For a full list of the vulnerabilities and more detailed mitigations, see the links below. Many of the vulnerabilities listed have been known for over a year and all have patches available. The issue keeping organizations from patching is usually that they aren’t aware they even have the vulnerable software deployed. Keeping an accurate inventory of software and version numbers is a critically important practice, but often overlooked by organizations.

https://www.bleepingcomputer.com/news/security/us-govt-shares-top-flaws-exploited-by-chinese-hackers-since-2020/

https://www.cisa.gov/uscert/ncas/alerts/aa22-279a