Slack patching means easy pickings for Chinese govt hackers

F5 Big-IP, Citrix, Pulse VPN and Microsoft Exchange servers routinely exploited.

By Juha Saarinen on Sep 15, 2020 8:56AM

The United States Cybersecurity and Infrastructure Security Agency (CISA) has published a document that details how Chinese government affiliated hackers can compromise IT systems across a wide range of industries and official organisations with relative ease.

CISA, with the help of the US Federal Bureau of Investigation, said [pdf] it has observed that hackers acting for China's Ministry of State Security use readily available information and open source tools to identify and attack misconfigured or unpatched systems.

The information and tools are found in code repositories such as GitHub and Exploit-DB, where they are legitimately published for development and penetration testing purposes.

The tools include the Cobalt Strike set of pentesting utilities, the China Chopper webshell, and the Mimikatz credential-capturing program, CISA said.

Commercial tools were also used by the Chinese MSS hackers, who turn to scanning sites such as Shodan.io to find vulnerable systems.

This state-sponsored threat activity methodology has been observed for over a decade, and CISA analysts note that the hackers are quick to target vulnerabilities within days of their disclosure.

Recent well-publicised severe vulnerabilities that have been exploited by the Chinese hackers include those affecting F5 Big-IP firewalls and load balancers, Citrix and Pulse Secure virtual private networks, and Microsoft Exchange messaging servers, CISA said.

Since it is easy for hackers to quickly mount low-complexity attacks against networks with a weak security posture, CISA and the FBI recommend that organisations place an increased priority on patching routinely exploited vulnerabilities.

"Maintaining a rigorous patching cycle continues to be the best defence against the most frequently used attacks," CISA wrote.

"If critical vulnerabilities remain unpatched, cyber threat actors can carry out attacks without the need to develop custom malware and exploits or use previously unknown vulnerabilities to target a network," the cybersecurity agency added.

Copyright © iTnews.com.au . All rights reserved.