The US shares the top 20 vulnerabilities most exploited by Chinese hackers since 2020
NSA, CISA and FBI have just released a list of the vulnerabilities most exploited by Chinese hackers to target government and critical infrastructure networks.
The three federal agencies say that Chinese-sponsored hackers are targeting American and allied technology companies and networks to access sensitive networks and steal intellectual property.
"NSA, CISA and FBI continue to assess cyberattacks conducted by Chinese hackers as one of the largest and most dynamic threats to U.S. government and civilian networks," the three agencies said in their joint security advisory.
This new advisory builds on previous reports from NSA, CISA, and FBI to inform federal and state, local, tribal, and territorial (SLTT) governments; critical infrastructure, including the Defense Industrial Base sector; and private sector organizations on notable trends and long-standing tactics, techniques, and procedures (TTPs).
The advisory also provides recommended mitigation measures for each of the vulnerabilities most exploited by Chinese hackers, as well as detection methods and a list of vulnerable technologies, so that security teams can detect and block future attacks.
According to the NSA, CISA and FBI, the following vulnerabilities have been exploited the most by Chinese hackers since 2020:
| Vendor | CVE | Vulnerability type |
|---|---|---|
| Apache Log4j | CVE-2021-44228 | Remote Code Execution (RCE) |
| Pulse Connect Secure | CVE-2019-11510 | Arbitrary file reading (AFR) |
| GitLab CE/EE | CVE-2021-22205 | Remote Code Execution (RCE) |
| Atlassian | CVE-2022-26134 | Remote Code Execution (RCE) |
| Microsoft Exchange | CVE-2021-26855 | Remote Code Execution (RCE) |
| F5 Big-IP | CVE-2020-5902 | Remote Code Execution (RCE) |
| VMware vCenter Server | CVE-2021-22005 | Arbitrary file reading (AFR) |
| Citrix ADC | CVE-2019-19781 | Path Traversal |
| Cisco Hyperflex | CVE-2021-1497 | Command Line Execution (CLE) |
| Buffalo WSR | CVE-2021-20090 | Relative Path Traversal |
| Atlassian Confluence Server and Data Center | CVE-2021-26084 | Remote Code Execution (RCE) |
| Hikvision Webserver | CVE-2021-36260 | Command Injection (CI) |
| Sitecore XP | CVE-2021-42237 | Remote Code Execution (RCE) |
| F5 Big-IP | CVE-2022-1388 | Remote Code Execution (RCE) |
| Apache | CVE-2022-24112 | Authentication bypass by spoofing |
| ZOHO | CVE-2021-40539 | Remote Code Execution (RCE) |
| Microsoft | CVE-2021-26857 | Remote Code Execution (RCE) |
| Microsoft | CVE-2021-26858 | Remote Code Execution (RCE) |
| Microsoft | CVE-2021-27065 | Remote Code Execution (RCE) |
| Apache HTTP Server | CVE-2021-41773 | Path Traversal |
Mitigation measures
NSA, CISA and FBI also urge the US government and its allies, critical infrastructure operators and private sector organizations to adopt the following mitigation measures to defend against attacks by Chinese hackers.
The three federal agencies advise organizations to install security patches as soon as possible, use phishing-resistant multi-factor authentication (MFA) whenever possible, and replace existing infrastructure that runs software no longer receiving security updates.
They also advise everyone to move to a Zero Trust security model and enable strict logging on internet-exposed services to detect attacks as early as possible.