Resources Hub
Blog
Infosec
Quality Engineering

Mitigating vulnerabilities exploited by PRC cyber actors.

Nikhil Badsheshi
November 14, 2022
5 mins
Priyanka Baruah
August 22, 2024
5 minute read
Share

According to the assessment made by NSA, CISA and FBI, the People’s Republic of China has sponsored cyber actors to exploit the commonly known vulnerabilities and exposures. These state-sponsored cyber actors exploit known vulnerabilities to actively target government as well as software and hardware companies to steal intellectual property and develop access into sensitive networks.

NSA, CISA, and FBI suggest governments, critical infrastructure, and private sector organizations to apply the recommendations listed in the mitigations section to increase their defensive posture and reduce the threat of compromise from the state-sponsored malicious cyber actors.

Also read: Defending Against DDoS Attacks: Strategies and Solutions

Top vulnerabilities exploited by PRC state-sponsored cyber actors since 2020

Companies affected – Apache, Pulse Connect Secure, GitLab, Atlassian, Microsoft, F5 Big-IP, VMware, Citrix ADC, Cisco, Buffalo, Hikvision, Sitecore, ZOHO.

Exploits – Remote Code Execution, Arbitrary File Read, Path Traversal, Command Line Execution, Command Injection, Authentication Bypass by Spoofing.

These state-sponsored actors continue to use virtual private networks (VPNs) to obfuscate their activities and target web-facing applications to establish initial access. Many of the vulnerabilities allow the actors to surreptitiously gain unauthorized access into sensitive networks, after which they seek to establish persistence and move laterally to other internally connected networks. PRC state-sponsored cyber actors continue to target government and critical infrastructure networks with an increasing array of new and adaptive techniques—some of which pose a significant risk to technology organizations (including telecommunications providers), Defense Industrial Base (DIB) Sector organizations, and other critical infrastructure organizations.

Important mitigation measures

NSA, CISA, and FBI suggest organizations to apply the below recommendations on a regular basis:

  • Update and patch systems as soon as possible. Prioritize patching vulnerabilities identified in the CSA and other known exploited vulnerabilities.
  • Utilize phishing-resistant multi-factor authentication whenever possible. Mandate all accounts with password logins to have strong, unique passwords, and change passwords immediately if there are indications that a password may have been compromised.
  • Block obsolete or unused protocols at the network edge.
  • Upgrade or replace end-of-life devices.
  • Move toward the Zero-Trust security model.
  • Enable robust logging of internet-facing systems and monitor the logs for anomalous activity.

Resources:

Example H2
Example H3
Example H4
Example H5
Example H6
More Industry Insights

Harnessing Altimetrik’s Expertise

Go to Blog

Your vision, our expertise—let’s make it happen.

contact us
Services
Digital BusinessPlatform ModernizationAI/GenAI
Industries
BFSILife SciencesRetail & CPGAuto & Manufacturing
Capabilities
Site Reliability Engineering (SRE)Cloud EngineeringDevSecOpsInformation SecurityAgileQuality EngineeringSalesforce
Resources
BlogCase StudiesWhite PapersVideos
About
About UsLeadershipPressCareers
Altimetrik
© 2024 Altimetrik Corp.
Privacy PolicyCookiesTransparency in Coverage Rule