US cybersecurity agencies list ‘top CVEs exploited’ by Chinese state-sponsored hackers since 2020

A joint Cybersecurity Advisory (CSA) published Thursday by U.S. cybersecurity agencies provides details of the top Common Vulnerabilities and Exposures (CVEs) used by People’s Republic of China (PRC) state-sponsored cyber hackers since 2020. The advisory largely builds on the fact that these cyber attackers continue exploiting known vulnerabilities to actively target U.S. and allied networks, including software and hardware companies, illegally obtaining intellectual property and developing access to sensitive networks. 

The latest advisory builds on previous National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), and Federal Bureau of Investigation (FBI) reporting to inform federal and state, local, tribal and territorial (SLTT) government, critical infrastructure, including the defense industrial base (DIB) sector, and private sector organizations about notable trends and persistent tactics, techniques, and procedures (TTPs). 

The agencies also disclosed that these state-sponsored hackers continue to use virtual private networks (VPNs) to obfuscate their activities and target web-facing applications to establish initial access. They also identified that many of these vulnerabilities allow hackers to surreptitiously gain unauthorized access to sensitive networks. After this, they seek to establish persistence and move laterally to other internally connected networks.

Earlier this week, the cybersecurity agencies disclosed that hackers had used Impacket and an exfiltration tool to steal sensitive information from a DIB organization. Additionally, from November last year through January, CISA responded to advanced persistent threat (APT) activity on a DIB sector organization’s enterprise network. That advisory, however, did not name the targeted organization or explain why the information was being made public only after several months.

Additionally, the agencies urge U.S. and allied governments, critical infrastructure, and private sector organizations to apply the recommended mitigations in a bid to increase their defensive posture and reduce the threat of compromise from PRC state-sponsored malicious cyber hackers. The advisory also said that PRC state-sponsored cyber activities are one of the largest and most dynamic threats to U.S. government and civilian networks.

The advisory revealed twenty vulnerabilities that the Chinese hackers have exploited since 2020. These vulnerabilities include the Apache Log4j, Pulse Connect Secure, Atlassian, F5 Big-IP, VMware vCenter Server, Hikvision Webserver, and about three Microsoft remote code execution security loopholes.

Earlier in June, the cybersecurity agencies published a report revealing that Chinese state hackers had exploited publicly known vulnerabilities to establish a broad network of compromised infrastructure. It also disclosed that the hackers frequently adopted open-source tools for reconnaissance and vulnerability scanning and used the network to exploit various targets worldwide, including public and private sector organizations. 

Following the recent CSA, the cybersecurity agencies called upon organizations to update and patch systems as soon as possible, prioritizing the vulnerabilities identified in the guidance and other known exploited vulnerabilities. They also suggested using phishing-resistant multi-factor authentication whenever possible, requiring all accounts with password logins to have strong, unique passwords, and changing passwords immediately if there are indications that a password may have been compromised.

The NSA, CISA, and FBI further suggested that organizations block obsolete or unused protocols at the network edge while upgrading or replacing end-of-life devices. They also advised moving towards a zero trust security model, enabling robust logging of Internet-facing systems, and monitoring those logs for anomalous activity.
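The patch-prioritization advice above (vulnerabilities named in the advisory first, then other known exploited vulnerabilities, with Internet-facing systems ahead of internal ones) can be turned into a simple triage routine. The following is an added example written for this article, not code from the advisory or the agencies. It assumes a catalog in the shape of the public CISA Known Exploited Vulnerabilities JSON feed (fields `cveID`, `vendorProject`, `product`, `dueDate`), but every record, asset, date and CVE identifier below is constructed; the `CVE-0000-0000N` values are placeholders, not real vulnerabilities. The KEV feed does not carry affected version ranges, so the match here is by vendor and product only; in practice each hit still has to be confirmed against the vendor advisory before it is closed.

```python
"""Triage exposures from a KEV-style catalog against an asset inventory.

Added example for this article; not the agencies' own code or data.
Catalog records imitate the CISA KEV JSON schema, but all values are
constructed and the CVE IDs are placeholders (CVE-0000-0000N).
"""
from dataclasses import dataclass
from datetime import date
from typing import Iterable, Iterator

# Constructed KEV-style catalog. Placeholder IDs and dates, not real CVEs.
KEV_CATALOG = [
    {"cveID": "CVE-0000-00001", "vendorProject": "Apache", "product": "Log4j2",
     "dueDate": "2022-01-15"},
    {"cveID": "CVE-0000-00002", "vendorProject": "Pulse Secure",
     "product": "Pulse Connect Secure", "dueDate": "2022-03-01"},
    {"cveID": "CVE-0000-00003", "vendorProject": "F5", "product": "BIG-IP",
     "dueDate": "2022-06-01"},
    {"cveID": "CVE-0000-00004", "vendorProject": "Hikvision", "product": "Webserver",
     "dueDate": "2022-09-01"},
]

# Placeholder for the subset of catalog entries called out in an advisory.
ADVISORY_CVES = frozenset({"CVE-0000-00001", "CVE-0000-00002"})


@dataclass(frozen=True)
class Asset:
    hostname: str
    vendor: str
    product: str
    internet_facing: bool
    patched_cves: frozenset  # CVE IDs already remediated on this asset


# Constructed inventory: one edge VPN, one internal app host, one patched
# load balancer, one camera, and one host with no catalog match at all.
ASSETS = [
    Asset("edge-vpn-01", "Pulse Secure", "Pulse Connect Secure", True, frozenset()),
    Asset("app-02", "Apache", "Log4j2", False, frozenset()),
    Asset("lb-01", "F5", "BIG-IP", True, frozenset({"CVE-0000-00003"})),
    Asset("cam-07", "Hikvision", "Webserver", True, frozenset()),
    Asset("db-03", "ExampleVendor", "ExampleDB", False, frozenset()),
]


def normalize(name: str) -> str:
    """Case- and whitespace-insensitive key for vendor/product matching."""
    return " ".join(name.lower().split())


def find_exposures(assets: Iterable[Asset], catalog: Iterable[dict]) -> Iterator[tuple]:
    """Yield (asset, record) for each catalog entry that matches an asset's
    vendor/product and is not already listed as patched on that asset."""
    index: dict = {}
    for rec in catalog:
        key = (normalize(rec["vendorProject"]), normalize(rec["product"]))
        index.setdefault(key, []).append(rec)
    for asset in assets:
        for rec in index.get((normalize(asset.vendor), normalize(asset.product)), []):
            if rec["cveID"] not in asset.patched_cves:
                yield asset, rec


def prioritize(assets, catalog, advisory_cves, today) -> list:
    """Return open exposures ordered by: named in the advisory, then
    Internet-facing, then already past the catalog due date, then due date."""
    if isinstance(today, str):
        today = date.fromisoformat(today)
    rows = []
    for asset, rec in find_exposures(assets, catalog):
        rows.append({
            "host": asset.hostname,
            "cve": rec["cveID"],
            "in_advisory": rec["cveID"] in advisory_cves,
            "internet_facing": asset.internet_facing,
            "overdue": date.fromisoformat(rec["dueDate"]) < today,
            "due": rec["dueDate"],
        })
    rows.sort(key=lambda r: (not r["in_advisory"], not r["internet_facing"],
                             not r["overdue"], r["due"]))
    return rows


def run_example(today="2022-12-31") -> list:
    """Triage the constructed inventory against the constructed catalog."""
    return prioritize(ASSETS, KEV_CATALOG, ADVISORY_CVES, today)


if __name__ == "__main__":
    for r in run_example():
        flags = ("advisory " if r["in_advisory"] else "") + \
                ("internet-facing " if r["internet_facing"] else "") + \
                ("OVERDUE" if r["overdue"] else f"due {r['due']}")
        print(f"{r['host']:<12} {r['cve']:<15} {flags}")
```

Running the block prints three open items: the Internet-facing VPN appliance with an advisory-listed placeholder CVE first, the internal Log4j2 host second, and the camera (known exploited but not on the advisory list) third; the load balancer drops out because its only matching entry is recorded as patched, and the database host has no catalog match. The `overdue` flag is computed against the supplied date so the same routine can be re-run as catalog due dates pass.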

This is not the first time U.S. cybersecurity agencies have warned the industry about threats from Chinese state-sponsored malicious hackers. Two previous advisories shared information on the TTPs used by Chinese-backed threat groups in 2021 and publicly known vulnerabilities they exploited in attacks in 2020.

WaterISAC called upon its members to review the details included in the latest CSA, including the list of top CVEs for products used in their environment, and address them accordingly. “The CVEs disclosed include 2019 through present year. Most of the exploitation is of products that are widely used across all sectors, including water and wastewater,” it added.
