The US National Security Agency (NSA) has issued a cybersecurity advisory listing a range of vulnerabilities known to be recently leveraged by Chinese state-sponsored actors to hack US entities.
Most of the vulnerabilities listed by the agency “can be exploited to gain initial access to victim networks using products that are directly accessible from the Internet and act as gateways to internal networks,” the NSA says.
“The majority of the products are either for remote access or for external web services, and should be prioritized for immediate patching,” according to the notice.
The NSA says it is aware that National Security Systems, Defense Industrial Base, and Department of Defense networks are consistently scanned and targeted by Chinese state-sponsored hackers. The agency therefore recommends that “critical system owners consider these actions a priority, in order to mitigate the loss of sensitive information that could impact U.S. policies, strategies, plans, and competitive advantage.”
In a bid to get IT administrators to listen, the NSA notes that Chinese state-sponsored hackers targeting American entities are actively using the same process that any sophisticated cyber actor follows when planning the exploitation of a computer network.
“They often first identify a target, gather technical information on the target, identify any vulnerabilities associated with the target, develop or re-use an exploit for those vulnerabilities, and then launch their exploitation operation,” the NSA warns.
A list of general mitigation steps is also provided, including rule-of-thumb tips such as keeping systems up to date, applying patches, changing the passwords of compromised accounts, disabling external management capabilities and setting up out-of-band management networks, blocking obsolete or unused protocols, using proper network configurations, and monitoring logs for signs of compromise.
In a press release issued this week, NSA Cybersecurity Director Anne Neuberger said the agency hopes the document will enable cybersecurity professionals to “gain actionable information to prioritize efforts and secure their systems.”