CISA Issues Chinese Hacking Groups Warning
US government agencies and private-sector companies have been warned to be on high alert for cyber-attacks by threat actors affiliated with the Chinese Ministry of State Security (MSS).
A joint security advisory on the cyber-threat was issued yesterday by the Cybersecurity and Infrastructure Security Agency (CISA) and the United States Department of Justice.
CISA said that it had observed MSS-affiliated cyber-threat actors “using publicly available information sources and common, well-known tactics, techniques, and procedures (TTPs) to target US Government agencies.”
Publicly available information and open source exploit tools leveraged in the attacks have included the China Chopper web shell, the Mimikatz credential-dumping tool, and the Cobalt Strike post-exploitation framework.
The attacks have been going on for over a year, often targeting known vulnerabilities in popular internet-facing products such as Microsoft Exchange email servers, Citrix and Pulse Secure VPN appliances, and F5 Big-IP load balancers.
CISA said that the best defense against the most frequently used attacks was to maintain a rigorous patching cycle.
“If critical vulnerabilities remain unpatched, cyber threat actors can carry out attacks without the need to develop custom malware and exploits or use previously unknown vulnerabilities to target a network,” states the advisory.
Victims of the attacks described by CISA had typically not taken every available step to protect their digital assets.
“In most cases, cyber operations are successful because misconfigurations and immature patch management programs allow actors to plan and execute attacks using existing vulnerabilities and known exploits,” read the advisory.
“Widespread implementation of robust configuration and patch management programs would greatly increase network security.”
CISA added that organizations that kept their systems patched and securely configured could reduce the speed and frequency of cyber-attacks “by forcing threat actors to dedicate time and funding to research unknown vulnerabilities and develop custom exploitation tools.”
According to a recent US Department of Justice indictment, MSS-affiliated actors have targeted various industries across the United States and other countries in a campaign that lasted over a decade. Industries affected by the attacks include the high-tech manufacturers of medical devices, civil and industrial engineering, business, education, gaming, solar energy, pharmaceuticals, and defense.