US agency red flags Chinese state-affiliated cyberattacks

The Cybersecurity and Infrastructure Security Agency (CISA), a national risk advisor that forms part of the US Department of Homeland Security, pulled no punches in an “alert” about China published on its website.

“[CISA],” it said, “has consistently observed Chinese Ministry of State Security (MSS)-affiliated cyber threat actors using publicly available information sources and common, well-known tactics, techniques and procedures to target US government agencies.”

The hackers have also targeted private sector companies and other entities, exploiting vulnerabilities in F5 BIG-IP devices, Citrix and Pulse Secure VPNs and Microsoft Exchange servers.

The report comes against a backdrop of US sanctions against Chinese supplier Huawei, which President Donald Trump has repeatedly claimed is at the beck and call of the Chinese state.

The latest CISA report on China looks bound to fuel those suspicions, even though it made no explicit mention of the Chinese supplier.

All too easy
Aside from the ongoing cyberattacks, CISA expressed anxiety that “continued use of open-source tools by Chinese MSS-affiliated cyber threat actors highlights that adversaries can use relatively low-complexity capabilities to identify and exploit target networks.”

In most cases, bemoaned the national risk advisor, cyber operations are successful because misconfigurations and immature patch management programs allow actors to plan and execute attacks using existing vulnerabilities and known exploits.

To read the complete article, visit Light Reading.