UPDATED 20:15 EST / JUNE 08 2022

SECURITY

US government warns that Chinese hackers are targeting known vulnerabilities

The U.S. government is warning that Chinese state-sponsored hackers continue to exploit publicly known vulnerabilities to gain access to network providers and devices.

The joint Cybersecurity Advisory issued Tuesday by the National Security Agency, the Cybersecurity and Infrastructure Agency and the Federal Bureau of Investigation details how hackers target and compromise major telecommunications companies and network service providers.

The state-sponsored hackers have been observed targeting top vulnerabilities, primarily those with Common Vulnerabilities and Exposures scores, since 2020. In targeting known CVEs, the hackers have gained access to victim accounts in virtual private networks or public-facing applications without using their own distinctive or identifying malware. The common variable is that state-sponsored hackers gain access before victim organizations update their systems.

It’s claimed that Chinese hackers are continuously evolving and adapting tactics to bypass defenses. The NSA, CISA and the FBI have observed state-sponsored actors monitoring network defenders’ accounts and actions and modifying their ongoing campaigns to remain undetected.

The advisory also lists the most frequently exploited vulnerabilities being targeted and the companies behind the network devices where they are found. Most of the vulnerabilities involve remote code execution with some authentication bypass, privilege elevation, remote injection and XML routing detour attack vulnerabilities as well.

The vendors with affected network devices include Cisco System Inc., Citrix Systems Inc., DrayTek Corp., D-Link Corp., Fortinet Inc., MikroTik, Netgear Inc., Pulse, QNAP Systems Inc. and Zyxel Communications Corp.

The advisory urges organizations to keep systems and products updated and patched, immediately remove or isolate suspected compromised devices and segment networks to limit or block lateral movement. Other recommendations include disabling unused or unnecessary network services, ports, protocols and devices and enforcing multifactor authentication on all users and VPN connections.

Organizations are also advised to enforce strict password requirements, including enforcing password complexity, changing passwords frequently and performing regular account reviews to ensure compliance.

“The NSA, CISA and the FBI noted that upon gaining initial access to a telecommunications organization or network service provider, People’s Republic of China state-sponsored cyber actors have successfully identified critical users and infrastructure, including systems critical to maintaining the security of authentication, authorization and accounting,” Terry Olaes, director of sales engineering at enterprise cybersecurity solutions company Skybox Security Inc., told SiliconANGLE. “It is the latest urgent reminder that cybercriminals are increasingly targeting known vulnerabilities hiding in plain sight and turning them into backdoors to deploy complex attacks that are increasing at record rates.”

Jason Middaugh, chief information security officer at managed security provider MRK Technologies, noted that the advisory drives home the importance of good cybersecurity fundamentals such as keeping assets updated and patched, changing default credentials to strong passphrases, and requiring multifactor authentication wherever possible.

“Many companies make the mistake of focusing on implementing the latest and greatest high-tech hardware/software and overlook the basics like system hardening and asset lifecycle management,” Middaugh explained. “It does not matter whether it is the PRC attempting to exploit the device or an international cybercrime syndicate, if you don’t do the basics well, it is only a matter of time before an internet-facing asset is compromised.”

Photo: Pxfuel

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU