Specialists from the Cybersecurity and Infrastructure Protection Agency (CISA), the Federal Bureau of Investigation (FBI) and the National Security Agency (NSA) have disclosed data on vulnerabilities that Chinese hackers mostly use to attack government networks and critical US infrastructure.
In a joint report, federal agencies write that China’s “government hackers” are attacking U.S. and allied networks and technology companies to gain access to closed networks and steal intellectual property.Such cyberattacks in the report are called “one of the largest and most dynamic threats to government and civilian networks in the United States.”
Let me remind you that we also wrote that Chinese hack group APT10 attacks Taiwanese financial sector, and also that Chinese Hackers Attack Script-Kiddies Using SMS Bomber.
The joint study builds on previous reports from the NSA, CISA, and FBI that are regularly released to inform federal, state, local, and other authorities, as well as companies (including critical infrastructure organizations and the defense sector) of apparent attacker trends, tactics, and methods.
The bulletin also lists recommended mitigations for each of the vulnerabilities that Chinese hackers most commonly exploit, as well as methods for detecting them, which can help identify and block attempts at such attacks.
The final table of the most exploited vulnerabilities by Chinese hackers (starting from 2020) is as follows:
| Apache Log4j | CVE-2021-44228 | Remote code execution |
| Pulse Connect Secure | CVE-2019-11510 | Reading an arbitrary file |
| GitLab CE/EE | CVE-2021-22205 | Remote code execution |
| Atlassian | CVE-2022-26134 | Remote code execution |
| Microsoft Exchange | CVE-2021-26855 | Remote code execution |
| F5 Big-IP | CVE-2020-5902 | Remote code execution |
| VMware vCenter Server | CVE-2021-22005 | Uploading an arbitrary file |
| Citrix ADC | CVE-2019-19781 | Directory traversal |
| Cisco Hyperflex | CVE-2021-1497 | Command execution |
| Buffalo WSR | CVE-2021-20090 | Directory traversal |
| Atlassian Confluence Server and Data Center | CVE-2021-26084 | Remote code execution |
| Hikvision Webserver | CVE-2021-36260 | Command Injection |
| Sitecore XP | CVE-2021-42237 | Remote code execution |
| F5 Big-IP | CVE-2022-1388 | Remote code execution |
| Apache | CVE-2022-24112 | Authentication Bypass |
| ZOHO | CVE-2021-40539 | Remote code execution |
| Microsoft | CVE-2021-26857 | Remote code execution |
| Microsoft | CVE-2021-26858 | Remote code execution |
| Microsoft | CVE-2021-27065 | Remote code execution |
| Apache HTTP Server | CVE-2021-41773 | Directory traversal |
