NSA, CISA, and the FBI revealed today the top security vulnerabilities most exploited by hackers backed by the People's Republic of China (PRC) to target government and critical infrastructure networks.
The three federal agencies said in a joint advisory that Chinese-sponsored hackers are targeting U.S. and allied networks and tech companies to gain access to sensitive networks and steal intellectual property.
"NSA, CISA, and FBI continue to assess PRC state-sponsored cyber activities as being one of the largest and most dynamic threats to U.S. government and civilian networks," the advisory says.
"This joint CSA builds on previous NSA, CISA, and FBI reporting to inform federal and state, local, tribal and territorial (SLTT) government; critical infrastructure, including the Defense Industrial Base Sector; and private sector organizations about notable trends and persistent tactics, techniques, and procedures (TTPs)."
The advisory also bundles recommended mitigations for each of the security flaws most exploited by Chinese threat actors, as well as detection methods and vulnerable technologies to help defenders spot and block incoming attack attempts.
The following security vulnerabilities have been the most exploited by Chinese-backed state hackers since 2020, according to the NSA, CISA, and the FBI.
| Vendor | CVE | Vulnerability Type |
| --- | --- | --- |
| Apache Log4j | CVE-2021-44228 | Remote Code Execution |
| Pulse Connect Secure | CVE-2019-11510 | Arbitrary File Read |
| GitLab CE/EE | CVE-2021-22205 | Remote Code Execution |
| Atlassian | CVE-2022-26134 | Remote Code Execution |
| Microsoft Exchange | CVE-2021-26855 | Remote Code Execution |
| F5 Big-IP | CVE-2020-5902 | Remote Code Execution |
| VMware vCenter Server | CVE-2021-22005 | Arbitrary File Upload |
| Citrix ADC | CVE-2019-19781 | Path Traversal |
| Cisco Hyperflex | CVE-2021-1497 | Command Line Execution |
| Buffalo WSR | CVE-2021-20090 | Relative Path Traversal |
| Atlassian Confluence Server and Data Center | CVE-2021-26084 | Remote Code Execution |
| Hikvision Webserver | CVE-2021-36260 | Command Injection |
| Sitecore XP | CVE-2021-42237 | Remote Code Execution |
| F5 Big-IP | CVE-2022-1388 | Remote Code Execution |
| Apache | CVE-2022-24112 | Authentication Bypass by Spoofing |
| ZOHO | CVE-2021-40539 | Remote Code Execution |
| Microsoft | CVE-2021-26857 | Remote Code Execution |
| Microsoft | CVE-2021-26858 | Remote Code Execution |
| Microsoft | CVE-2021-27065 | Remote Code Execution |
| Apache HTTP Server | CVE-2021-41773 | Path Traversal |
Mitigation measures
NSA, CISA, and FBI also urged U.S. and allied governments, critical infrastructure operators, and private sector organizations to apply the following mitigation measures to defend against Chinese-sponsored cyber-attacks.
The three federal agencies advise organizations to apply security patches as soon as possible, use phishing-resistant multi-factor authentication (MFA) whenever possible, and replace end-of-life network infrastructure no longer receiving security patches.
They also recommend moving towards the Zero Trust security model and enabling robust logging on internet-exposed services to detect attack attempts as soon as possible.
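As an added example (not part of the advisory or this article), here is the kind of check that "robust logging on internet-exposed services" makes possible: a small Python scanner that reads constructed web-server access-log lines, collapses single and double URL encoding, and flags path-traversal attempts, the vulnerability class listed above for several of the CVEs. The Common Log Format layout, the regex, and the sample lines are all assumptions made for this example.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (Common Log Format); not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [06/Oct/2022:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 1043
203.0.113.9 - - [06/Oct/2022:10:01:07 +0000] "GET /static/.%2e/.%2e/app.conf HTTP/1.1" 404 196
198.51.100.2 - - [06/Oct/2022:10:01:09 +0000] "GET /images/%252e%252e/%252e%252e/config.ini HTTP/1.1" 400 0
198.51.100.7 - - [06/Oct/2022:10:01:12 +0000] "POST /api/login HTTP/1.1" 302 0
"""

# Assumed log layout: client, ident, user, [timestamp], "METHOD path PROTO", status, size
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def normalize(path: str, rounds: int = 3) -> str:
    """Percent-decode repeatedly so double-encoded sequences collapse to plain text.

    Bounded by `rounds` so a pathological input cannot loop forever."""
    for _ in range(rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.replace("\\", "/")


def is_traversal(path: str) -> bool:
    """True if any path segment, after normalization, is a parent-directory reference."""
    return any(seg == ".." for seg in normalize(path).split("/"))


def scan(log_text: str) -> list:
    """Return one record per request whose path resolves to a traversal attempt."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than silently pass as benign
        if is_traversal(m["path"]):
            hits.append({"src": m["src"], "path": m["path"],
                         "normalized": normalize(m["path"]), "status": int(m["status"])})
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(f'{hit["src"]} {hit["status"]} {hit["path"]} -> {hit["normalized"]}')
```

Note that the status code is kept on purpose: a traversal request that returned 200 deserves a different response from one the server already rejected.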
Today's joint advisory follows two others that shared information on tactics, techniques, and procedures (TTPs) used by Chinese-backed threat groups (in 2021) and publicly known vulnerabilities they exploit in attacks (in 2020).
In June, they also revealed that Chinese state hackers had compromised major telecommunications companies and network service providers to steal credentials and harvest data.
On Tuesday, the U.S. Government also issued an alert about state-backed hackers stealing data from U.S. defense contractors using a custom CovalentStealer malware and the Impacket framework.
Comments
ThomasMann - 1 year ago
To put all these Russian and Chinese hacks in perspective:
I have absolutely NO problem with the Chinese or Russian government hacking any of my accounts. The suggestion that either is interested in harming me is preposterous!
Given the most certainly coming conflict about Taiwan, and an attack against China by the US, the Chinese are well advised to protect themselves. Xi and his men will not fall for the, admittedly, brilliant trickery that lured Putin into the US-set trap that lured him into his attack at the wrong time.
The opposite is true about the US or European governments... these people will indeed use my data against me whenever it suits them...
And, of course, always remember, the only reason why they are publishing them now is that they have exploited those themselves, and now have no further use for them.
EndangeredPootisBird - 1 year ago
The propaganda is strong with this one...
ThomasMann - 1 year ago
Yes, but it is a bit much since Putin messed up and fell into the Brzezinski trap... But of course I am wrong to expect "journalism" in a computer blog, when it no longer exists in the mainstream media worldwide.