The US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory regarding threat actors associated with China’s Ministry of State Security (MSS). CISA says these hacking groups rely largely upon open-source collection, public exploits, and known vulnerabilities to compromise networks. These techniques aren’t technically sophisticated, but they don’t need to be.
“The continued use of open-source tools by Chinese MSS-affiliated cyber threat actors highlights that adversaries can use relatively low-complexity capabilities to identify and exploit target networks,” CISA says. “In most cases, cyber operations are successful because misconfigurations and immature patch management programs allow actors to plan and execute attacks using existing vulnerabilities and known exploits.”
Some of the top vulnerabilities exploited by Chinese threat actors over the past twelve months include serious flaws in F5’s BIG-IP, Citrix and Pulse Secure VPNs, and Microsoft Exchange Server. Patches are available for all of these vulnerabilities, but the attackers exploit them on systems where organizations have not yet applied the fixes.
The threat actors are also using repositories of leaked usernames and passwords to launch credential-stuffing attacks against accounts.
“While this sort of activity is not a direct result of the exploitation of emergent vulnerabilities, it demonstrates that cyber threat actors can effectively use available open-source information to accomplish their goals,” the agency says. “Further, a threat actor does not require a high degree of competence or sophistication to successfully carry out this kind of opportunistic attack.”
Additionally, CISA says these groups are sending spear phishing emails with malicious links to gain initial access to networks.
“In the last 12 months, CISA has observed Chinese MSS-affiliated actors use spear phishing emails with embedded links to actor-owned infrastructure and, in some cases, compromise or poison legitimate sites to enable cyber operations,” the advisory states.
Alert employees who are resistant to criminal social engineering are also forearmed against many of the things professional spies will throw at them. New-school security awareness training can provide your organization with an essential layer of defense by enabling your employees to thwart social engineering attacks.
CISA has the story.