Gadget Page
No Result
View All Result
  • Home
  • Apps
  • Gadget Info
  • Gaming
PRICING
SUBSCRIBE
  • Home
  • Apps
  • Gadget Info
  • Gaming
No Result
View All Result
Gadget Page
No Result
View All Result
Home Uncategorized

CISA: Chinese Hackers Exploiting Unpatched Devices to Target U.S. Agencies

gadgetpage by gadgetpage
September 15, 2020
Reading Time: 5 mins read
0
CISA: Chinese Hackers Exploiting Unpatched Devices to Target U.S. Agencies

RELATED POSTS

Puedes descargar Age of Empires III gratis y legalmente

Vanessa Kirby will play Sue Storm in Fantastic Four

Tower of Fantasy: Einjähriges Jubiläum und großes Update 3.1 angekündigt


The US Cybersecurity and Infrastructure Security Agency (CISA) issued a new advisory on Monday about a wave of cyberattacks carried by Chinese nation-state actors targeting US government agencies and private entities.

“CISA has observed Chinese [Ministry of State Security]-affiliated cyber threat actors operating from the People’s Republic of China using commercially available information sources and open-source exploitation tools to target US Government agency networks,” the cybersecurity agency said.

Over the past 12 months, the victims were identified through sources such as Shodan, the Common Vulnerabilities and Exposure (CVE) database, and the National Vulnerabilities Database (NVD), exploiting the public release of a vulnerability to pick vulnerable targets and further their motives.

cybersecurity

By compromising legitimate websites and leveraging spear-phishing emails with malicious links pointing to attacker-owned sites in order to gain initial access, the Chinese threat actors have deployed open-source tools such as Cobalt Strike, China Chopper Web Shell, and Mimikatz credential stealer to extract sensitive information from infected systems.

That’s not all. Taking advantage of the fact that organizations aren’t quickly mitigating known software vulnerabilities, the state-sponsored attackers are “targeting, scanning, and probing” US government networks for unpatched flaws in F5 Networks Big-IP Traffic Management User Interface (CVE-2020-5902), Citrix VPN (CVE-2019-19781), Pulse Secure VPN (CVE-2019-11510), and Microsoft Exchange Servers (CVE-2020-0688) to compromise targets.

“Cyber threat actors also continue to identify large repositories of credentials that are available on the internet to enable brute-force attacks,” the agency said. “While this sort of activity is not a direct result of the exploitation of emergent vulnerabilities, it demonstrates that cyber threat actors can effectively use available open-source information to accomplish their goals.”

This is not the first time Chinese actors have worked on behalf of China’s MSS to infiltrate various industries across the US and other countries.

In July, the US Department of Justice (DoJ) charged two Chinese nationals for their alleged involvement in a decade-long hacking spree spanning high tech manufacturing, industrial engineering, defense, educational, gaming software, and pharmaceutical sectors with an aim to steal trade secrets and confidential business information.

But it’s not just China. Earlier this year, Israeli security firm ClearSky uncovered a cyberespionage campaign dubbed “Fox Kitten” that targeted government, aviation, oil and gas, and security companies by exploiting unpatched VPN vulnerabilities to penetrate and steal information from target companies, prompting CISA to issue multiple security alerts urging businesses to secure their VPN environments.

Stating that sophisticated cyber threat actors will continue to use open-source resources and tools to single out networks with low-security posture, CISA has recommended organizations to patch routinely exploited vulnerabilities, and “audit their configuration and patch management programs to ensure they can track and mitigate emerging threats.”





Source link

Share this:

  • Twitter
  • Facebook
Tags: computer securitycyber attackscyber newscyber security newscyber security news todaycyber security updatescyber updatesdata breachhacker newshacking newshow to hackinformation securitynetwork securityransomware malwaresoftware vulnerabilitythe hacker news
ShareTweetPin
gadgetpage

gadgetpage

Related Posts

Puedes descargar Age of Empires III gratis y legalmente
Uncategorized

Puedes descargar Age of Empires III gratis y legalmente

August 4, 2023
Vanessa Kirby will play Sue Storm in Fantastic Four
Uncategorized

Vanessa Kirby will play Sue Storm in Fantastic Four

August 4, 2023
Tower of Fantasy: Einjähriges Jubiläum und großes Update 3.1 angekündigt
Uncategorized

Tower of Fantasy: Einjähriges Jubiläum und großes Update 3.1 angekündigt

August 3, 2023
OLED-Roadmap 2024: Monitorhersteller gibt Einblicke
Uncategorized

OLED-Roadmap 2024: Monitorhersteller gibt Einblicke

August 2, 2023
Samsung Galaxy SmartTag 2: Zertifizierung zeigt neues Design – Allround-PC.com
Uncategorized

Samsung Galaxy SmartTag 2: Zertifizierung zeigt neues Design – Allround-PC.com

August 2, 2023
Samsung Galaxy S23 FE: Neue Details zur Kamera
Uncategorized

Samsung Galaxy S23 FE: Neue Details zur Kamera

August 2, 2023
Next Post
Risky development practice leaves company access keys exposed

Risky development practice leaves company access keys exposed

Zoom makes 2FA available for all its users | WeLiveSecurity

Zoom makes 2FA available for all its users | WeLiveSecurity

Recommended Stories

Olympus 150-400mm F4.5 with built-in 1.25x Extender – Newsshooter

Olympus 150-400mm F4.5 with built-in 1.25x Extender – Newsshooter

November 17, 2020
Rakuten Mobile launches 5G service, but only in a few areas

Rakuten Mobile launches 5G service, but only in a few areas

September 30, 2020
Russian model transforms Tatsumaki into a maid  Atomics

Russian model transforms Tatsumaki into a maid Atomics

October 13, 2022

Popular Stories

  • Xiaomi 13T is said to have a flagship camera on board – macro rubbish thrown away

    Xiaomi 13T is said to have a flagship camera on board – macro rubbish thrown away

    0 shares
    Share 0 Tweet 0
  • Gamescom 2023: Asus Republic of Gamers event with new products and contests

    0 shares
    Share 0 Tweet 0
  • Horizon Forbidden West, new major event: all accounts

    0 shares
    Share 0 Tweet 0
  • iPhone 12 mini Review | Trusted Reviews

    0 shares
    Share 0 Tweet 0
  • Zoom Am7 Microphone for USB-C Android Phones Announced | CineD

    0 shares
    Share 0 Tweet 0
  • Home
  • Apps
  • Gadget Info
  • Gaming
Call us: +1 234 JEG THEME

© 2023 JNews - Premium WordPress news & magazine theme by Jegtheme.

No Result
View All Result
  • Home
  • Apps
  • Gadget Info
  • Gaming

© 2023 JNews - Premium WordPress news & magazine theme by Jegtheme.

Are you sure want to unlock this post?
Unlock left : 0
Are you sure want to cancel subscription?