The CISA Warns that Chinese Cyber threat actors are widely abusing widespread attacks to infiltrate networks.

by Sriram Parisa
Chinese government-sponsored attackers rely heavily on known but generally unpatched vulnerabilities to “establish a broad network of compromised infrastructure,” a US federal security agency has warned.

Previously unknown (zero-day) vulnerabilities and novel exploits usually capture a lot of headlines, but attacks on “publicly known” flaws are the main source of China's cyber-espionage, according to advice from the US government's Cybersecurity and Infrastructure Security Agency (CISA) and the FBI.

The advisory provides a list of the network device CVEs most frequently exploited by PRC state-sponsored cyber actors from 2020 onwards.

The listed flaws often affect small-business routers, SSL VPNs, and network-attached storage (NAS) devices from vendors such as Cisco, Fortinet, Netgear, and QNAP. Some of the major vulnerabilities in play allow remote code execution (RCE) against unpatched systems, while others accomplish the attackers' goals through authentication bypass or privilege elevation.

Attackers with Chinese state support use publicly available exploit code against virtual private network (VPN) services or public-facing applications, compromising major telecommunications companies and network service providers and creating a platform for further attacks.

According to a previous CISA report by the US intelligence agency, hacked systems “serve as additional access points to route command and control (C2) traffic, and as intermediate points for network intrusion on other organizations.”

By creating a network of compromised systems that serve as a platform for subsequent attacks, Chinese APTs are hiding or obscuring the source of attacks, making detection and response even more challenging.

Industry experts say CISA’s latest advice is designed to drive home the importance of prompt patching.

Backbox CEO Andrew Cole commented: “Last month the CISA released the Joint Advice (PDF), which recommended prioritizing patching software with known vulnerabilities.

“These two indications, within a month of each other, indicate that threat actors are mostly targeting known vulnerabilities, as they understand that most companies are slow to implement patches.”

Cole added: “One of the most common vectors for attackers is vulnerabilities, otherwise they may be sticky. In fact, 87% of companies have tried to exploit an already known, existing vulnerability.”

Terry Oles, director of sales engineering at Skybox, said the CISA’s warning showed the need for enterprises to adopt vulnerability remediation strategies that provide better coverage for lower-severity but actively exploited vulnerabilities.

Prompt triage helps companies protect themselves against attacks from a variety of potential adversaries.

“Cybercriminals are increasingly targeting known vulnerabilities hidden in plain sight and turning them into backdoors to deploy record-breaking complex attacks,” Oles said.

“If organizations rely solely on traditional approaches to vulnerability management, they can only move to identify the most severe vulnerabilities based on the Common Vulnerability Scoring System (CVSS).”

Oles concluded: “Cybercriminals know how many companies manage their cybersecurity, so they have learned to take advantage of vulnerabilities that make it less difficult to manage their attacks.”
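The gap between CVSS-only triage and exploit-aware triage described above can be shown with a short script. This is an added example, not code from the article or the advisory: the CVE IDs are placeholders, the asset names and scores are constructed, and `EXPLOITED` stands in for a known-exploited list such as the one the advisory provides.

```python
from dataclasses import dataclass

# Device classes the article names as frequent targets at the network edge.
EDGE_DEVICE_CLASSES = {"router", "ssl-vpn", "nas"}

@dataclass(frozen=True)
class Finding:
    cve: str           # placeholder ID, constructed for this example
    asset: str         # hypothetical asset name
    device_class: str
    cvss: float

def cvss_only(findings, threshold=9.0):
    """Traditional triage: keep only findings at or above a CVSS cutoff."""
    return [f for f in findings if f.cvss >= threshold]

def exploit_aware(findings, exploited):
    """Rank known-exploited findings first, then edge devices, then CVSS."""
    return sorted(
        findings,
        key=lambda f: (
            f.cve not in exploited,                      # exploited sorts first
            f.device_class not in EDGE_DEVICE_CLASSES,   # then edge devices
            -f.cvss,                                     # then highest score
        ),
    )

def missed_by_cvss(findings, exploited, threshold=9.0):
    """Known-exploited findings that a CVSS cutoff alone would skip."""
    return [f for f in findings if f.cve in exploited and f.cvss < threshold]

# Constructed scanner output and a constructed known-exploited list.
FINDINGS = [
    Finding("CVE-0000-0001", "hq-db-01", "server", 9.8),
    Finding("CVE-0000-0002", "branch-vpn-02", "ssl-vpn", 7.5),
    Finding("CVE-0000-0003", "branch-rtr-07", "router", 6.5),
    Finding("CVE-0000-0004", "lab-nas-01", "nas", 9.1),
    Finding("CVE-0000-0005", "hr-laptop-33", "workstation", 8.8),
]
EXPLOITED = {"CVE-0000-0002", "CVE-0000-0003", "CVE-0000-0004"}

if __name__ == "__main__":
    print("CVSS >= 9.0 only:", [f.cve for f in cvss_only(FINDINGS)])
    print("Exploit-aware order:", [f.cve for f in exploit_aware(FINDINGS, EXPLOITED)])
    for f in missed_by_cvss(FINDINGS, EXPLOITED):
        print(f"Skipped by CVSS cutoff: {f.cve} on {f.asset} (CVSS {f.cvss})")
```

With this sample data, the CVSS cutoff skips the VPN and router findings even though both are on the exploited list.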
