CISA: Chinese Hackers Exploiting Unpatched Devices to Target U.S. Agencies
Ravie Lakshmanan - September 15, 2020
The US Cybersecurity and Infrastructure Security Agency (CISA) issued a [link hidden] on Monday about a wave of cyberattacks carried out by Chinese nation-state actors targeting US government agencies and private entities.
"CISA has observed Chinese [Ministry of State Security]-affiliated cyber threat actors operating from the People's Republic of China using commercially available information sources and open-source exploitation tools to target US Government agency networks," the cybersecurity agency said.
Over the past 12 months, the victims were identified through sources such as [link hidden], the Common Vulnerabilities and Exposures ([link hidden]) database, and the National Vulnerability Database (NVD), exploiting the public release of a vulnerability to pick vulnerable targets and further their motives.
By compromising legitimate websites and leveraging spear-phishing emails with malicious links pointing to attacker-owned sites in order to gain initial access, the Chinese threat actors have deployed open-source tools such as [link hidden], [link hidden], and [link hidden] credential stealer to extract sensitive information from infected systems.
That's not all. Taking advantage of the fact that organizations aren't quickly mitigating known software vulnerabilities, the state-sponsored attackers are "targeting, scanning, and probing" US government networks for unpatched flaws in F5 Networks Big-IP Traffic Management User Interface ([link hidden]), Citrix VPN ([link hidden]), Pulse Secure VPN ([link hidden]), and Microsoft Exchange Servers ([link hidden]) to compromise targets.
"Cyber threat actors also continue to identify large repositories of credentials that are available on the internet to enable brute-force attacks," the agency said. "While this sort of activity is not a direct result of the exploitation of emergent vulnerabilities, it demonstrates that cyber threat actors can effectively use available open-source information to accomplish their goals."
This is not the first time Chinese actors have worked on behalf of China's MSS to infiltrate various industries across the US and other countries.
In July, the US Department of Justice (DoJ) [link hidden] for their alleged involvement in a decade-long hacking spree spanning high-tech manufacturing, industrial engineering, defense, educational, gaming software, and pharmaceutical sectors with an aim to steal trade secrets and confidential business information.
But it's not just China. Earlier this year, Israeli security firm ClearSky uncovered a cyberespionage campaign dubbed "[link hidden]" that targeted government, aviation, oil and gas, and security companies by exploiting unpatched VPN vulnerabilities to penetrate and steal information from target companies, prompting CISA to issue [link hidden] urging businesses to secure their VPN environments.
Stating that sophisticated cyber threat actors will continue to use open-source resources and tools to single out networks with a low security posture, CISA has recommended that organizations patch [link hidden] and "audit their configuration and patch management programs to ensure they can track and mitigate emerging threats."