A joint advisory issued June 7, 2022, by the Cybersecurity & Infrastructure Security Agency, FBI and the National Security Agency entitled “People’s Republic of China State-Sponsored Cyber Actors Exploit Network Providers and Devices,” warns that Chinese-sponsored cyber actors are exploiting “publicly known vulnerabilities in order to establish a broad network of compromised infrastructure.” The entities attacked by the hackers include “public and private sector organizations,” among them telecommunications companies and network service providers.
The top vulnerabilities exploited by the attackers include “Common Vulnerabilities and Exposures (CVEs) associated with network devices routinely exploited by the cyber actors since 2020,” including “unpatched network devices.”
According to the Alert, “These cyber actors are also consistently evolving and adapting tactics to bypass defenses. The NSA, CISA, and FBI have observed state-sponsored cyber actors monitoring network defenders’ accounts and actions, and then modifying their ongoing campaign as needed to remain undetected. Cyber actors have modified their infrastructure and toolsets immediately following the release of information related to their ongoing campaigns. PRC state-sponsored cyber actors often mix their customized toolset with publicly available tools, especially by leveraging tools that are native to the network environment, to obscure their activity by blending into the noise or normal activity of a network.”
The list of CVEs most commonly exploited by the Chinese-based hackers is provided in the Alert. The Alert is meant to “urge” organizations to apply the recommended mitigation and detection methods it outlines, and it provides resources for more information.