According to the US government, China-sponsored attackers are targeting government agencies through flaws in Microsoft Exchange, Citrix, Pulse Secure, and F5 devices and servers.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have warned that hackers affiliated with China's Ministry of State Security (MSS) are attacking US government agencies and private companies by exploiting flaws in internet-facing edge systems.
“According to a recent U.S. Department of Justice indictment, MSS-affiliated actors have targeted various industries across the United States and other countries—including high-tech manufacturing; medical device, civil, and industrial engineering; business, educational, and gaming software; solar energy; pharmaceuticals; and defense—in a campaign that lasted over ten years. These hackers acted for both their own personal gain and the benefit of the Chinese MSS,” a CISA advisory warned today.
As part of their attacks, the Chinese hackers look for vulnerable, internet-exposed devices using the device search engine Shodan and vulnerability databases such as Common Vulnerabilities and Exposures (CVE) and the National Vulnerability Database (NVD).
In particular, CISA has observed the hackers targeting flaws in F5, Citrix, Pulse Secure, and Microsoft Exchange Server products to gain access to an organization's network or to collect data.
Once a network is compromised, the China-sponsored attackers download a number of tools that let them extend their access to other computers on the network.
During digital forensics and incident response (DFIR) engagements, CISA has observed that the hackers typically download specific tools—including Cobalt Strike, the China Chopper web shell, and Mimikatz—as part of their attacks.
To defend against these types of attacks, CISA and the FBI recommend that all organizations carry out regular audits of their infrastructure and enforce a rigorous patch management policy.
“CISA and the FBI also recommend that organizations routinely audit their configuration and patch management programs to ensure they can track and mitigate emerging threats. Implementing a rigorous configuration and patch management program will hamper sophisticated cyber threat actors’ operations and protect organizations’ resources and information systems,” CISA and FBI recommended.
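The configuration and patch-management audit the advisory recommends can be made routine by comparing an asset inventory of edge devices against an approved-minimum-version baseline. The following Python script is an added example written for this article; it is not code from CISA, the FBI, or any of the vendors named. The inventory, hostnames, and version numbers are constructed placeholders, not real hosts or vendor release numbers, and the product names are used only as dictionary keys.

```python
"""Patch-compliance audit over an inventory of internet-facing edge devices.

Added example: the inventory and the minimum-version policy below are
constructed placeholders, not values from the CISA/FBI advisory.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed inventory: (hostname, product family, running version).
INVENTORY: List[Tuple[str, str, str]] = [
    ("vpn-01.example.internal", "Pulse Secure", "9.1.8"),
    ("adc-02.example.internal", "Citrix ADC", "13.0.47.24"),
    ("lb-01.example.internal", "F5 BIG-IP", "15.1.0"),
    ("mail-01.example.internal", "Microsoft Exchange", "15.2.659.4"),
    ("mail-02.example.internal", "Microsoft Exchange", "15.2.721.2"),
    ("fw-01.example.internal", "Other Gateway", "2.4"),
]

# Constructed policy: the oldest version the organization has approved for
# each product family. Placeholder numbers chosen for the example only.
MINIMUM_APPROVED: Dict[str, str] = {
    "Pulse Secure": "9.1.9",
    "Citrix ADC": "13.0.58.30",
    "F5 BIG-IP": "15.1.0",
    "Microsoft Exchange": "15.2.721.2",
}


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn a dotted version string into an integer tuple so that it compares
    numerically (13.0.58 sorts after 13.0.7, unlike a plain string compare).
    Non-digit characters inside a segment are ignored."""
    parts = []
    for piece in text.split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def is_below(running: str, minimum: str) -> bool:
    """True when `running` is older than `minimum`. Shorter tuples are padded
    with zeros so that "15.1" and "15.1.0" compare as equal."""
    a, b = parse_version(running), parse_version(minimum)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a < b


@dataclass
class Finding:
    host: str
    product: str
    running: str
    minimum: str


def audit(inventory: List[Tuple[str, str, str]],
          policy: Dict[str, str]) -> List[Finding]:
    """Return one Finding per device that is below its approved minimum or
    whose product has no baseline at all (an untracked product cannot be
    patched on schedule, so it is reported too)."""
    findings: List[Finding] = []
    for host, product, version in inventory:
        minimum = policy.get(product)
        if minimum is None:
            findings.append(Finding(host, product, version, "(no baseline)"))
        elif is_below(version, minimum):
            findings.append(Finding(host, product, version, minimum))
    return findings


def summarize(findings: List[Finding]) -> List[str]:
    """Render findings as one report line each."""
    return [
        f"{f.host}: {f.product} {f.running} is below approved minimum {f.minimum}"
        for f in findings
    ]


if __name__ == "__main__":
    for line in summarize(audit(INVENTORY, MINIMUM_APPROVED)):
        print(line)
```

Run against the constructed inventory, the script reports the Pulse Secure, Citrix ADC, and first Exchange host as below baseline and flags the untracked gateway; the F5 device and the second Exchange host pass. In practice the inventory would be exported from a CMDB or scanner and the baseline maintained as vendor advisories are reviewed.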