NSA warns industry about China hacks
The National Security Agency released details on 25 existing vulnerabilities that Chinese state-sponsored threat groups are using to try to penetrate defense industrial base networks.
The National Security Agency released details on 25 existing vulnerabilities that Chinese state-sponsored threat groups are using to try to penetrate defense industrial base networks.
NSA's advisory, issued Oct. 20, details 25 known and patchable bugs that are "known to be recently leveraged, or scanned-for, by Chinese state-sponsored cyber actors to enable successful hacking operations against a multitude of victim networks."
These common vulnerabilities and exposures are used by hackers to get a foothold on targeted networks and conduct reconnaissance about network defenses. The CVEs cover a variety of systems, including email and application servers as well as domain controllers, but the common thread is that they involve tools that manage connections between networks and the open internet.
Most of the CVEs were identified in the last two years, but a few date back longer than that, and patches and other mitigation strategies already exist that address all of them. What's new here is that NSA is identifying Chinese state-sponsored groups as actively leveraging these weaknesses to target information networks belonging to the defense industrial base, the Department of Defense and other national security systems.
"We hear loud and clear that it can be hard to prioritize patching and mitigation efforts. We hope that by highlighting the vulnerabilities that China is actively using to compromise systems, cybersecurity professionals will gain actionable information to prioritize efforts and secure their systems," NSA Cybersecurity Director Anne Neuberger said in a statement.
The threat of Chinese intrusion into defense industrial base networks is nothing new. In its 2020 report to Congress on China's growing military power, released last month, DOD stated that China "uses its cyber capabilities to not only support intelligence collection against U.S. diplomatic, economic, academic, and defense industrial base sectors, but also to exfiltrate sensitive information from the defense industrial base to gain military advantage."
The report noted that "targeted information could enable [People's Liberation Army] cyber forces to build an operational picture of U.S. defense networks, military disposition, logistics and related military capabilities that could be exploited prior to or during a crisis…. In in aggregate, these cyber-enabled campaigns threaten to erode U.S. military advantages and imperil the infrastructure and prosperity on which those advantages rely."
Currently DOD is in the midst of an effort to force contractors to get their cybersecurity hygiene in order. The Cybersecurity Maturity Model Certification program requires compliance with National Institute of Standards and Technology guidelines for safeguarding government information in non-governmental systems. These guidelines include staying on top of patching and monitoring audit logs for malicious code and the remote execution of privileged functions by unauthorized users.
This article first appeared on FCW, a Defense Systems partner site.