The US shares the top 20 vulnerabilities most exploited by Chinese hackers since 2020 until now
NSA, CISA and FBI have just released a list of vulnerabilities most exploited by Chinese hackers to target government and critical infrastructure networks.
Three federal agencies say that Chinese-sponsored hackers are targeting American and allied technology companies and networks to access sensitive networks and steal intellectual property.
"NSA, CISA and FBI continue to assess cyberattacks conducted by Chinese hackers as one of the largest and most dynamic threats to U.S. government and civilian networks," the security consultancy said . The general secret of the three agencies is clearly stated.
This new advisory builds on previous reports from NSA, CISA, and FBI to inform federal and state, local, tribal, and territorial (SLTT) governments; critical infrastructure, including the Defense Industrial Base Park; and private sector organizations on notable trends and long-standing tactics, techniques, and procedures (TTPs).
The consultancy also provides recommended mitigation measures for each security vulnerability most exploited by Chinese hackers as well as detection methods and vulnerable technologies for security units to detect and prevent. block future attacks.
According to the NSA, CISA and FBI, the following security holes have been exploited the most by Chinese hackers from 2020 up to now:
The firm | CVE | Vulnerability type |
Apache Log4j | CVE-2021-44228 | Remote Code Execution (RCE) |
Pulse Connect Secure | CVE-2019-11510 | Arbitrary file reading (AFR) |
GitLab CE/EE | CVE-2021-22205 | Remote Code Execution (RCE) |
Atlassian | CVE-2022-26134 | Remote Code Execution (RCE) |
Microsoft Exchange | CVE-2021-26855 | Remote Code Execution (RCE) |
F5 Big-IP | CVE-2020-5902 | Remote Code Execution (RCE) |
VMware vCenter Server | CVE-2021-22005 | Arbitrary file reading (AFR) |
Citrix ADC | CVE-2019-19781 | Path Traversal |
Cisco Hyperflex | CVE-2021-1497 | Command Line Execution (CLE) |
Buffalo WSR | CVE-2021-20090 | Relative Path Traversal |
Atlassian Confluence Server and Data Center | CVE-2021-26084 | Remote Code Execution (RCE) |
Hikvision Webserver | CVE-2021-36260 | Command Injection (CI) |
Sitecore XP | CVE-2021-42237 | Remote Code Execution (RCE) |
F5 Big-IP | CVE-2022-1388 | Remote Code Execution (RCE) |
Apache | CVE-2022-24112 | Spoofing bypasses authentication |
ZOHO | CVE-2021-40539 | Remote Code Execution (RCE) |
Microsoft | CVE-2021-26857 | Remote Code Execution (RCE) |
Microsoft | CVE-2021-26858 | Remote Code Execution (RCE) |
Microsoft | CVE-2021-27065 | Remote Code Execution (RCE) |
Apache HTTP Server | CVE-2021-41773 | Path Traversal |
Mitigation measures
NSA, CISA and FBI also urge US governments and allies, critical infrastructure and private sector organizations to adopt the following mitigation measures to defend against attacks by Chinese hackers cause.
The three federal agencies advise organizations to install security patches as soon as possible, use anti-phishing multi-factor authentication (MFA) whenever possible, and replace existing infrastructure. Using software that is no longer updated for security.
They also advise everyone to move to a Zero Trust security model and enable strict logging on internet-exposed services to detect attacks as early as possible.
You should read it
- Internet Explorer has vulnerabilities, unused users are still hacked
- Warning: Huawei's 4G USB contains a serious security flaw
- Apple confirms the existence of a series of serious vulnerabilities that can cause iPhones to be hacked
- Detect 2 serious security holes in the Zoom application
- Summarizing the Pwn2Own 2019: Safari, VirtualBox was 'pierced' on the first day, Firefox, Edge on the second day and Tesla Model 3 'closed the window'
- High security but iPhone can still be hacked when accessing malicious websites
- 12 signs that your computer is hacked
- AMD patched a series of security holes in the graphics driver for Windows 10
- Signs show clearly that your system is being hacked
- Detecting security on TeamViewer allows hackers to steal the system password remotely
- Detecting a series of vulnerabilities can help hackers disable metal detectors at airports
- This is a group of hackers who have successfully hacked Tesla's autopilot system, they hacked Safari on Mac OS in just 20 seconds.