The National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have published a joint advisory listing the top 20 software vulnerabilities exploited since 2020 by hackers backed by the Chinese state. According to the advisory, these actors are actively targeting the networks of the US government and its allies, as well as companies in the technology and defense sectors.
France's national cybersecurity agency, ANSSI, also called out the high-profile computer espionage linked to known Chinese practices in its latest annual report. "The rise of China is reflected, in particular, in extremely significant cyber activity, perhaps more significant in recent months than that of Russia," Stéphane Bouillon, secretary general for defense and national security (SGDSN), also told senators a few days ago.
One of the biggest threats
"The NSA, CISA, and FBI continue to view Chinese state-sponsored cyber activity as one of the most significant and dynamic threats to U.S. civilian and government networks," the three agencies said in a statement. CISA reported this week that several Chinese-backed hacker groups have been active on defense industry networks, gaining access through the victims' Microsoft Exchange Server infrastructure. Exchange is under pressure again after the disclosure of new vulnerabilities resembling last year's ProxyShell flaws.
Among the top 20 vulnerabilities exploited by China-backed hackers are four Microsoft Exchange Server flaws: CVE-2021-26855, a server-side request forgery that gives an unauthenticated attacker a foothold on the server, together with CVE-2021-26857, CVE-2021-26858 and CVE-2021-27065, which are chained with it to write files and execute code. All four belong to the ProxyLogon set of pre-authentication vulnerabilities disclosed in March 2021. Microsoft warned in July that these vulnerabilities were being used to plant malware written for the Internet Information Services (IIS) web server on which Exchange runs.
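The four Exchange flaws above make up the ProxyLogon chain, and the server-side hunts Microsoft published with its March 2021 guidance remain the quickest way to check whether an unpatched server was hit. The script below is an added example for this article, not code from the advisory or from Microsoft's tooling; it reimplements two of those hunts in Python: HttpProxy log rows with an empty AuthenticatedUser and an AnchorMailbox of the form ServerInfo~host/path (the CVE-2021-26855 SSRF), and ECP server log lines invoking a Set-*VirtualDirectory cmdlet (the CVE-2021-27065 file write used to drop a web shell). The log samples are constructed and abbreviated: the HttpProxy column names are real Exchange fields, but real logs carry many more columns, and the ECP line layout is only illustrative.

```python
"""ProxyLogon triage hunts over Exchange logs (added example, not Microsoft code).

Assumptions: HttpProxy logs are CSV with a '#'-prefixed preamble followed by a
plain header line; the column names used here (DateTime, AuthenticatedUser,
AnchorMailbox, UrlStem, ClientIpAddress) are real Exchange fields. The ECP
server log lines below are constructed and their layout is illustrative only.
"""
from __future__ import annotations

import csv
import io
import re
from dataclasses import dataclass

# Constructed, abbreviated HttpProxy log. 203.0.113.77 is a documentation address.
SAMPLE_HTTPPROXY_LOG = """#Software: Microsoft Exchange Server
#Version: 15.0.0.0
#Log-type: HttpProxy Logs
#Date: 2021-03-03T00:00:00.000Z
#Fields: DateTime,AuthenticatedUser,AnchorMailbox,UrlStem,ClientIpAddress,HttpStatus
DateTime,AuthenticatedUser,AnchorMailbox,UrlStem,ClientIpAddress,HttpStatus
2021-03-03T08:12:01.115Z,CONTOSO\\alice,Smtp~alice@contoso.example,/owa/,10.0.0.5,200
2021-03-03T08:13:44.902Z,,ServerInfo~exch01/ecp/,/owa/auth/,203.0.113.77,200
2021-03-03T08:13:45.311Z,,ServerInfo~exch01/ecp/DDI/DDIService.svc/SetObject,/owa/auth/,203.0.113.77,200
2021-03-03T08:14:02.007Z,,Smtp~bob@contoso.example,/owa/auth/logon.aspx,10.0.0.9,302
"""

# Constructed ECP server log lines (timestamp,user,cmdlet); layout is illustrative.
SAMPLE_ECP_SERVER_LOG = """2021-03-03T08:10:00.000Z,CONTOSO\\admin,Get-OabVirtualDirectory
2021-03-03T08:13:45.400Z,,Set-OabVirtualDirectory -ExternalUrl 'http://f/<script language=JScript runat=server>'
2021-03-03T09:00:00.000Z,CONTOSO\\admin,Set-OwaVirtualDirectory -ExternalUrl https://mail.contoso.example/owa
"""


@dataclass(frozen=True)
class Finding:
    cve: str
    when: str
    client_ip: str
    detail: str
    severity: str  # "high" = matches a known exploitation pattern, "review" = needs a human look


def parse_exchange_log(text: str) -> list[dict]:
    """Parse an Exchange CSV log, dropping the '#'-prefixed preamble before the header."""
    body = [line for line in text.splitlines() if line and not line.startswith("#")]
    return list(csv.DictReader(io.StringIO("\n".join(body))))


# Microsoft's published indicator: unauthenticated request whose anchor mailbox
# names a backend host and path instead of a mailbox (ServerInfo~<host>/<path>).
SSRF_ANCHOR = re.compile(r"^ServerInfo~[^/]+/")


def hunt_cve_2021_26855(httpproxy_text: str) -> list[Finding]:
    """Flag HttpProxy rows consistent with the ProxyLogon SSRF."""
    hits = []
    for row in parse_exchange_log(httpproxy_text):
        anchor = row.get("AnchorMailbox", "")
        if row.get("AuthenticatedUser", "") == "" and SSRF_ANCHOR.match(anchor):
            hits.append(Finding("CVE-2021-26855", row["DateTime"],
                                row.get("ClientIpAddress", ""), anchor, "high"))
    return hits


# Any Set-*VirtualDirectory call is worth a look; legitimate admins run these too,
# so only an ExternalUrl carrying script is rated high (the known web-shell write).
VDIR_WRITE = re.compile(r"Set-\w+VirtualDirectory")


def hunt_cve_2021_27065(ecp_server_text: str) -> list[Finding]:
    """Flag ECP server log lines where a virtual directory was rewritten."""
    hits = []
    for line in ecp_server_text.splitlines():
        m = VDIR_WRITE.search(line)
        if not m:
            continue
        severity = "high" if "<script" in line.lower() else "review"
        hits.append(Finding("CVE-2021-27065", line.split(",", 1)[0], "", m.group(0), severity))
    return hits


if __name__ == "__main__":
    for f in hunt_cve_2021_26855(SAMPLE_HTTPPROXY_LOG) + hunt_cve_2021_27065(SAMPLE_ECP_SERVER_LOG):
        print(f"{f.severity:6} {f.cve} {f.when} {f.client_ip or '-':15} {f.detail}")
```

On a real server the HttpProxy logs live under the Exchange install's Logging\HttpProxy folder and the ECP server logs under Logging\ECP\Server; feed each file's text to the matching function. A hit on the SSRF check from an external address is strong evidence on its own, whereas the virtual-directory check deliberately returns legitimate administrative changes at "review" severity so that only the ExternalUrl values need a human look.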
Risk to organizations that have not updated their software
Other commonly exploited vulnerabilities include Log4Shell in Apache Log4j and flaws in the code-hosting platform GitLab, in equipment from network specialist F5 Networks, in VPN appliances, and in widely deployed products from VMware, Cisco and Citrix. All of these flaws are well known and pose a risk only to organizations that have not applied the available patches. The GitLab and Atlassian Confluence vulnerabilities stand out because they show the hackers targeting development and IT operations tooling.
"These state-sponsored actors continue to use virtual private networks (VPNs) to hide their activities and target web applications to establish initial access," CISA notes. Many of the top 20 vulnerabilities "allow attackers to covertly gain unauthorized access to sensitive networks, after which they try to move to other internal networks," it adds. The agencies recommend that organizations update their software, use multi-factor authentication, disable unused protocols at the network edge, retire end-of-life devices, adopt a zero-trust model, and enable logging on internet-facing systems.