A joint advisory published on June 7, 2022 by the Cybersecurity & Infrastructure Security Agency, the FBI and the National Security Agency, titled “State-sponsored Cyber Actors in the People’s Republic of China Exploit Network Providers and Devices,” warns that Chinese-sponsored cyber actors are exploiting “vulnerabilities to establish a vast web of compromised infrastructure.” Entities attacked by hackers include “public and private sector organizations,” among them telecommunications companies and network service providers.
Key vulnerabilities exploited by attackers include “Common Vulnerabilities and Exposures (CVEs) associated with network devices routinely exploited by cyber actors since 2020,” including “unpatched network devices.”
According to the Alert, “These cyber actors are constantly evolving and adapting their tactics to circumvent defenses. The NSA, CISA, and FBI have observed state-sponsored cyber actors monitoring the accounts and actions of network defenders, then modifying their ongoing campaign as needed to avoid detection. The cyber actors changed their infrastructure and tools immediately after the publication of information related to their ongoing campaigns. PRC state-sponsored cyber actors often mix their custom toolset with publicly available tools, especially leveraging tools native to the network environment, to obfuscate their activity by blending in noise or normal network activity.”
The list of CVEs most commonly exploited by China-based hackers is provided in the alert. The alert is intended to “urge” organizations to apply the recommended mitigation and detection methods described in the alert and provides resources for further information.