iTnews Asia
Slack patching means easy pickings for Chinese govt hackers

F5 BIG-IP, Citrix, Pulse Secure VPN and Microsoft Exchange servers routinely exploited.

By Juha Saarinen on Sep 15, 2020 8:56AM

The United States Cybersecurity and Infrastructure Security Agency (CISA) has published a document detailing how Chinese government-affiliated hackers compromise IT systems across a wide range of industries and official organisations with relative ease.

CISA, working with the US Federal Bureau of Investigation, said [pdf] it has observed hackers acting for China's Ministry of State Security (MSS) using readily available information and open-source tools to identify and attack misconfigured or unpatched systems.

The information and tools are found in public repositories such as GitHub and Exploit-DB, where they are legitimately published for development and penetration-testing purposes.

The tools include the Cobalt Strike adversary-emulation framework, the China Chopper web shell, and the Mimikatz credential-dumping program, CISA said.

Commercial tools are also used by the MSS hackers, who additionally turn to internet-scanning services such as Shodan.io to find exposed, vulnerable systems.

This state-sponsored methodology has been observed for more than a decade, and CISA analysts note that the hackers are quick to target newly disclosed vulnerabilities, often within days of their public disclosure.

Recent, well-publicised severe vulnerabilities exploited by the Chinese hackers include those affecting F5 BIG-IP application delivery controllers (CVE-2020-5902), Citrix (CVE-2019-19781) and Pulse Secure (CVE-2019-11510) virtual private network appliances, and Microsoft Exchange messaging servers (CVE-2020-0688), CISA said.

Because attackers can quickly mount low-complexity attacks at scale against networks with a weak security posture, CISA and the FBI recommend that organisations place an increased priority on patching routinely exploited vulnerabilities.

"Maintaining a rigorous patching cycle continues to be the best defence against the most frequently used attacks," CISA wrote.

"If critical vulnerabilities remain unpatched, cyber threat actors can carry out attacks without the need to develop custom malware and exploits or use previously unknown vulnerabilities to target a network," the cybersecurity agency added.
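The advisory's recommendation is to prioritise patching of the vulnerabilities that are actually being exploited, not simply the highest-severity ones. The script below is an added example of that triage, written for this page; it is not code from iTnews, CISA or the FBI. It takes a (constructed) inventory of edge appliances, checks each against a short list of the routinely exploited CVEs named above, and ranks the findings so that internet-facing hosts with the longest public exposure window come first. The CVE identifiers, products and disclosure dates are real; the affected and fixed version boundaries are the editor's assumptions from the vendor advisories and must be verified against the current vendor guidance before the list is used operationally. One deliberate detail: versions are compared numerically, because a naive string comparison ranks "15.1.0.10" below "15.1.0.4" and would wrongly mark a patched host as vulnerable.

```python
"""Patch-priority triage against routinely exploited vulnerabilities.

Added example for this article; not part of the CISA/FBI advisory.
ASSUMPTION: the affected/fixed version boundaries below are the author's
reading of the vendor advisories and must be verified before real use.
The asset inventory is constructed sample data.
"""
import re
from dataclasses import dataclass
from datetime import date


def parse_version(text):
    """Turn '15.1.0.10' or '9.0R3.4' into a tuple of ints: (15,1,0,10), (9,0,3,4).
    Tuple comparison is numeric, so '15.1.0.10' correctly sorts after
    '15.1.0.4' (plain string comparison gets this backwards)."""
    return tuple(int(n) for n in re.findall(r"\d+", text))


@dataclass(frozen=True)
class ExploitedVuln:
    cve: str
    product: str
    disclosed: date       # public disclosure date of the vulnerability
    affected_from: str    # first affected version on this branch (inclusive)
    fixed_in: str         # first fixed version on this branch (exclusive)


@dataclass(frozen=True)
class Asset:
    host: str
    product: str
    version: str
    internet_facing: bool


# One entry per affected release branch. Version boundaries are ASSUMPTIONS
# to be checked against the vendor advisory; disclosure dates are public record.
ROUTINELY_EXPLOITED = [
    ExploitedVuln("CVE-2019-11510", "Pulse Connect Secure", date(2019, 4, 24), "9.0", "9.0R3.4"),
    ExploitedVuln("CVE-2019-19781", "Citrix ADC", date(2019, 12, 17), "13.0", "13.0.47.24"),
    ExploitedVuln("CVE-2020-5902", "F5 BIG-IP", date(2020, 7, 1), "15.1.0", "15.1.0.4"),
]

# Constructed inventory: hostnames and versions are made up for the example.
SAMPLE_ASSETS = [
    Asset("vpn-edge-1", "Pulse Connect Secure", "9.0R3.2", True),   # vulnerable
    Asset("vpn-edge-2", "Pulse Connect Secure", "9.0R3.4", True),   # fixed
    Asset("adc-dmz-1", "Citrix ADC", "13.0.41.28", True),           # vulnerable
    Asset("lb-prod-1", "F5 BIG-IP", "15.1.0.3", True),              # vulnerable
    Asset("lb-prod-2", "F5 BIG-IP", "15.1.0.10", False),            # fixed (string-compare trap)
    Asset("lb-lab-1", "F5 BIG-IP", "15.1.0.2", False),              # vulnerable, internal only
]


def is_vulnerable(asset, vuln):
    """True when the asset runs an affected, unfixed version of the product."""
    if asset.product != vuln.product:
        return False
    v = parse_version(asset.version)
    return parse_version(vuln.affected_from) <= v < parse_version(vuln.fixed_in)


def triage(assets, vulns, as_of):
    """Return one finding per (asset, CVE) match, ordered so the hosts to patch
    first come first: internet-facing before internal, then longest time since
    public disclosure (the window in which a commodity exploit has existed)."""
    findings = []
    for asset in assets:
        for vuln in vulns:
            if is_vulnerable(asset, vuln):
                findings.append({
                    "host": asset.host,
                    "cve": vuln.cve,
                    "product": asset.product,
                    "version": asset.version,
                    "internet_facing": asset.internet_facing,
                    "days_exposed": (as_of - vuln.disclosed).days,
                })
    findings.sort(key=lambda f: (not f["internet_facing"], -f["days_exposed"], f["host"]))
    return findings


def run_report(as_of=date(2020, 9, 15)):
    """Triage the sample inventory and print a patch-order report."""
    findings = triage(SAMPLE_ASSETS, ROUTINELY_EXPLOITED, as_of)
    for f in findings:
        where = "EXTERNAL" if f["internet_facing"] else "internal"
        print(f'{f["host"]:<12} {f["product"]:<22} {f["version"]:<11} '
              f'{f["cve"]:<15} {where:<8} exposed {f["days_exposed"]:>3} days')
    return findings


if __name__ == "__main__":
    run_report()
```

Feeding a real inventory in place of SAMPLE_ASSETS (from a CMDB export or an authenticated scan) and a current, verified vulnerability list in place of ROUTINELY_EXPLOITED turns this into a standing report; the ordering encodes the advisory's point that an unpatched edge device with a year-old public exploit is a more urgent problem than a newer, internal one.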

Copyright © iTnews.com.au . All rights reserved.