NSA Advisory on Chinese Government Hacking

The NSA released an advisory listing the top twenty-five known vulnerabilities currently being exploited by Chinese nation-state attackers.

This advisory provides Common Vulnerabilities and Exposures (CVEs) known to be recently leveraged, or scanned-for, by Chinese state-sponsored cyber actors to enable successful hacking operations against a multitude of victim networks. Most of the vulnerabilities listed below can be exploited to gain initial access to victim networks using products that are directly accessible from the Internet and act as gateways to internal networks. The majority of the products are either for remote access (T1133) or for external web services (T1190), and should be prioritized for immediate patching.

Posted on October 21, 2020 at 9:21 AM • 15 Comments

Comments

Clive Robinson October 21, 2020 1:02 PM

@ ALL,

We should all know by now that any country technically capable, or with sufficient assets to buy technical expertise, is into cyber espionage, and some a lot lot worse.

Thus it would be nice if the NSA actually just gave the top 50-200 vulnerabilities.

Rather than getting geo-political.

I’m reasonably certain that China is not the only ones using these vulnerabilities. But the implication of the title etc makes it appear otherwise.

Thus some people might make the mistake of blocking all the Chinese IP address ranges and assume they are thus safe from these vulnerabilities rather than actually fix the problems properly…

Andrew Appel October 21, 2020 1:39 PM

“nation-state attacker” . . . that phrase has a three-letter abbreviation that’s so much more evocative than the boring old “advanced persistent threat”.

Gem October 21, 2020 6:28 PM

I believe they are of the opinion that the Chinese Communist Party has more of a reason to hack the US now. Perhaps this is because the CCP want to appear to be doing far better than the US.

It could be that they see such a motive and want to focus defense and awareness against them specifically to mitigate any damage they could do to the US in general.

This is speculation but the tensions between the US and the CCP do seem higher than the usual high to me.

lurker October 22, 2020 1:52 AM

If it is the Chinese (qv. attribution) they’re poking at cracks in serious enterprise level gear. No bystanders were harmed, yet…

Gem October 22, 2020 3:25 AM

@lurker

Everything in a nation is connected. The tensions within the United States (US) seem very high at the moment, it seems politically and socially fragile. The last thing needed would be further impacts on the functioning of anything right now. It could even more seriously harm the US in such a chaotic time.

Attacking enterprise gear could also be part of a larger attack plan; such as poking at cracks in Siemens PLCs.

I really feel this response from the US is because it is a prime moment in history for attacks from a large and competing Chinese Communist Party (CCP).

  • COVID-19
    Everyone is distancing
    Everyone is wearing masks
    These are necessary but harm morale
  • Political tensions in general
    The tensions have seemed high for years
    They seem to be getting even higher
  • Second very divided presidential election
    No description required

Power is relative. I believe the CCP would like to show they are doing infinitely better than the US during this pandemic.

The CCP and the US are in competition to be the top world superpower.

I see why they may be more worried about the CCP specifically, and especially in these times.

Tm October 22, 2020 9:11 AM

“I’m reasonably certain that China is not the only ones using these vulnerabilities. But the implication of the title etc makes it appear otherwise.”

Seconded. That political packaging is childish grandstanding.

Winter October 22, 2020 11:42 AM

It is somehow fitting that the other news is that Edward Snowden has obtained a permanent resident status in Russia.

Subversion & Duplicity October 22, 2020 10:42 PM

Russia & Iran target all the same vulnerabilities. In Russia’s case people are already getting hurt.

https://www.nytimes.com/2019/10/08/world/europe/unit-29155-russia-gru.html
One thing the article does not state is that we have in fact known about foreign actors carrying out activities of subversion that include murder, trafficking, bribery, political interference, abduction, torture, poisoning and espionage. These activities have been taking place since the 1980’s, and apart from a name change, remain essentially the same due to a lack of inaction by public prosecutors.

The fear of scandal due to inaction along with the casual acceptance of bribery within public departments has allowed these activities to carry on until the present day. That is why we can hang a rat in his jail cell and why the Russians have a bitch in the Whitehouse. This problem extends outside the US as well, so it is a common failure of all Western allies. We have grown fat, lazy, greedy and complacent. Our societies are unequal, discontent has grown, and problems are ignored unless caught live on a video camera. This is a perfect environment for foreign actors to operate in. Why do you think all your children are on drugs and everyone is divided down ideological lines? Work it out, it is a pretty simple picture, we have all been played like the fools we are.

Ismar October 23, 2020 3:24 AM

Very positive development by NSA, now we would like the Chinese to provide the list of the most favourite exploits used by NSA so we all end up with more secure cyberspace.
Regarding the USA election meddling, it has been done in the past and will be done in the future via any means possible and by more than just a few usual suspects. It is up to FBI to guard against it but not be biased against any one state or method of influence.
Stay safe and please all Americans use your brains a bit more when voting as that is the best guard against any interference.

john doe October 23, 2020 3:36 AM

Putin noted that Russia has been sharing highly sensitive military technologies with China that helped significantly bolster China’s defence capability, but didn’t mention any specifics, saying the information is sensitive.

brisbanetimes.com.au/world/asia/possible-to-imagine-putin-russia-china-military-alliance-can-t-be-ruled-out-20201023-p567tl.html

SpaceLifeForm October 28, 2020 1:58 AM

@ Clive, All

Not going to read the PDF, but anyway, I’ll bet almost all are Windows.

Clive Robinson October 28, 2020 2:23 AM

@ SpaceLifeForm,

“I’ll bet almost all are Windows.”

I’d have to read it again to be sure, but yes if memory serves correctly, I think you would win that bet.
