The National Security Agency (NSA) has issued a cybersecurity advisory aimed at defense and intelligence community contractors warning of Chinese state-sponsored cyber actors exploiting publicly known network vulnerabilities.
“This advisory provides Common Vulnerabilities and Exposures (CVEs) known to be recently leveraged, or scanned-for, by Chinese state-sponsored cyber actors to enable successful hacking operations against a multitude of victim networks,” the advisory said, adding that the vulnerabilities it lists can be exploited to gain initial access and act as gateways to internal networks.
NSA included a general list of mitigations that should be addressed:
- Update and patch systems and products as soon as patches and updates are released;
- Expect that new patches will not alleviate data theft or modification that occurred before the patches were made;
- Disable external management capabilities and set up an out-of-band management network;
- Block obsolete and unused protocols at the network edge and disable them from device configurations;
- Isolate internet-facing services in a network “demilitarized zone” to reduce internal network exposure; and
- Enable robust logging of internet-facing services and monitor for signs of compromise.
“The same process for planning the exploitation of a computer network by any sophisticated cyber actor is used by Chinese state-sponsored hackers,” NSA said. “They often first identify a target, gather technical information on the target, identify any vulnerabilities associated with the target, develop or re-use an exploit for those vulnerabilities, and then launch their exploitation operation.”
NSA said it is “aware that National Security Systems, Defense Industrial Base, and Department of Defense networks are consistently scanned, targeted, and exploited by Chinese state-sponsored cyber actors.”
“NSA recommends that critical system owners consider these actions a priority, in order to mitigate the loss of sensitive information that could impact U.S. policies, strategies, plans, and competitive advantage. Additionally, due to the various systems and networks that could be impacted by the information in this product outside of these sectors, NSA recommends that the CVEs above be prioritized for action by all network defenders,” the agency said.