Recently, the US NSA disclosed the top 25 vulnerabilities exploited by Chinese nation-state hackers. Read on to know more about it…
Cybercriminals are constantly scanning for and exploiting publicly known security bugs. Recently, the National Security Agency (NSA) of the United States published a report detailing the top 25 vulnerabilities exploited by hackers, urging organizations in the U.S. public and private sectors to prioritize them for patching.
These attackers, in most cases, follow the same process as other sophisticated actors: they first identify their target, gather technical information about it, identify vulnerabilities affecting the target, develop or reuse an exploit, and then launch their attack operation.
The Vulnerabilities Report
According to the report, Chinese state-sponsored hackers were seen abusing these vulnerabilities to launch strategic hacking operations against a multitude of victim networks.
Most of these vulnerabilities affect products that provide remote access or external web services. Such products, being reachable from the internet, are often exploited to gain initial access inside the victim’s network. Exploits against enterprise products such as gateways (Citrix ADC and Gateway, Symantec Messaging Gateway), VPNs (Pulse Secure VPN), and load balancers (F5 BIG-IP) can give attackers direct remote access.
Several vulnerabilities in the list target the Windows OS and its services, such as Remote Desktop Services (the BlueKeep vulnerability), Netlogon (Zerologon), and the DNS server (SigRed). Additional products targeted by Chinese hackers include business applications such as email servers (Microsoft Exchange, Exim) and application servers (Oracle WebLogic, Zoho ManageEngine, Adobe ColdFusion).
Recent Exploitation of Security Flaws
Not only Chinese hackers but also several low-level malware groups, ransomware gangs, and other state-sponsored actors (including those from Russia and Iran) have been seen exploiting the above-mentioned vulnerabilities.
Threat actors such as TA505, MuddyWater, and Ryuk have been seen abusing the Zerologon vulnerability (CVE-2020-1472) to target public and private sector organizations. Hackers have also been seen chaining a VPN bug (CVE-2019-11510) with Windows bugs to gain access to government networks, about which CISA and the FBI had issued prior warnings.
F5 BIG-IP (CVE-2020-5902) and Pulse Secure VPN servers (CVE-2019-11510) were also recently targeted by hackers. In September, the Iranian hacking group Pioneer Kitten was seen taking advantage of several unpatched vulnerabilities (CVE-2020-5902, CVE-2019-11510, and CVE-2019-19781) to target U.S. businesses and federal agencies.
The Road Ahead
The NSA advises organizations to prioritize patching these 25 vulnerabilities and notes that this is a non-exhaustive list of the vulnerabilities available to, and used by, Chinese state-sponsored attackers; nevertheless, these flaws are ones known to have been operationalized by China.
The exploitation of such security vulnerabilities could lead to the compromise of sensitive information related to a country’s policies, strategies, plans, and competitive advantage. Fortunately, all the vulnerabilities listed by researchers have patches available from their vendors. Organizations are therefore advised to patch these and all other known vulnerabilities to avoid undue risk to their infrastructure.