NSA issues warning about Chinese state-sponsored actors exploiting known vulnerabilities
On October 20, the National Security Agency released a new cybersecurity advisory, detailing 25 vulnerabilities that Chinese state-sponsored malicious cyber actors are currently exploiting or targeting, to encourage stakeholders to apply mitigations.
Many of these vulnerabilities can be used to gain initial access to victim networks by exploiting products that are directly accessible from the Internet. Once a cyber actor has established a presence on a network from one of these remote exploitation vulnerabilities, they can use other vulnerabilities to further exploit the network from the inside. While these CVEs are already publicly known, NSA is sharing knowledge of their active exploitation—with attribution—to encourage all National Security Systems (NSS), U.S. Defense Industrial Base (DIB), and Department of Defense (DoD) system owners to verify that their systems are protected against these threats and, if not, take appropriate action.
“We hear loud and clear that it can be hard to prioritize patching and mitigation efforts,” NSA Cybersecurity Director Anne Neuberger said. “We hope that by highlighting the vulnerabilities that China is actively using to compromise systems, cybersecurity professionals will gain actionable information to prioritize efforts and secure their systems.”
Chinese state-sponsored malicious cyber activity is a threat to NSS, DIB, and DoD information networks. These actors use a full array of tactics and techniques to exploit computer networks of interest that hold sensitive intellectual property, economic, political, and military information. Since these techniques include exploitation of publicly known vulnerabilities, it is critical that network defenders prioritize patching and other mitigation efforts.