US Agencies Divulge Vulnerabilities Exploited by Cyber Actors Sponsored by China
The National Security Agency, the Cybersecurity and Infrastructure Security Agency and the FBI have unveiled the most common vulnerabilities China has been exploiting since 2020 to access the government and critical infrastructure networks of the U.S. and its allies. In a new cybersecurity advisory, the agencies said that China-sponsored cyber actors aim to steal intellectual property from Defense Industrial Base sector organizations and other entities. All U.S. and allied governments and organizations are encouraged to apply recommended mitigations and strengthen their defenses against such threats, NSA said.
Some of the top application flaws being exploited are remote code execution vulnerabilities in Apache Log4j, Microsoft Exchange and Atlassian; an arbitrary file read flaw in Pulse Connect Secure; and a command injection vulnerability in Cisco HyperFlex.
The document noted that the actors have been using virtual private networks to conceal their activities and targeting web-facing applications to gain initial access, after which they use these vulnerabilities to infiltrate other internally connected networks.
The U.S. agencies advised organizations to update and patch systems immediately, use phishing-resistant multifactor authentication, block obsolete or unused protocols at the network edge and move toward the zero trust security model, among other security measures.
In a previous cybersecurity advisory, the NSA, CISA and the FBI warned that the China-sponsored threat actors have also “targeted and compromised major telecommunications companies and network service providers primarily by exploiting publicly known vulnerabilities.”