HomeTech NewsCybersecurityChinese Cybergangs: The Most-Attacked Vulnerabilities

Chinese Cybergangs: The Most-Attacked Vulnerabilities

- Advertisement -

US cyber security agencies provide a list of the top vulnerabilities currently being attacked by Chinese cyber gangs.


In a joint report, the US authorities National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have compiled a list of the security vulnerabilities most frequently attacked by Chinese state cybergangs since 2020. State-directed cyber actors continue to target known vulnerabilities in US and allied networks, as well as software and hardware manufacturers, to steal intellectual property and gain access to sensitive networks. The NSA, CISA and FBI are urging governments and private sector organizations to take available and known countermeasures.

- Advertisement -


Authorities continue to rank China’s state-sponsored cyber activities as one of the greatest and most dynamic threats to US government and civilian networks. Chinese cyber actors are targeting government and critical infrastructure networks with an increasing number of new and adapted techniques, some of which pose significant risk to IT sector organizations including telecom providers, military-industrial complex organizations and other critical infrastructure organizations represent.

The state-controlled cybergangs exploit known vulnerabilities and use publicly available tools, among other things, to attack interesting networks. They attack the security gaps and nest themselves in compromised networks.

In descending order, Chinese cybercriminals target the following vulnerabilities the most:

- Advertisement -
Offerer CVE vulnerability type
Apache Log4j CVE-2021-44228 Remote code execution
Pulse Connect Secure CVE-2019-11510 Arbitrary File Read
GitLab CE/EE CVE-2021-22205 Remote code execution
Atlasian CVE-2022-26134 Remote code execution
MicrosoftExchange CVE-2021-26855 Remote code execution
F5 Big IP CVE-2020-5902 Remote code execution
VMware vCenter Server CVE-2021-22005 Arbitrary file upload
Citrix ADC CVE-2019-19781 Path Traversal
Cisco Hyperflex CVE-2021-1497 Command Line Execution
Buffalo ESC CVE-2021-20090 Relative Path Traversal
Atlassian Confluence Server and Data Center CVE-2021-26084 Remote code execution
Hikvision web server CVE-2021-36260 command injection
Sitecore XP CVE-2021-42237 Remote code execution
F5 Big IP CVE-2022-1388 Remote code execution
Apache CVE-2022-24112 Authentication bypass by spoofing
ZOHO CVE-2021-40539 Remote code execution
Microsoft CVE-2021-26857 Remote code execution
Microsoft CVE-2021-26858 Remote code execution
Microsoft CVE-2021-27065 Remote code execution
Apache HTTP Server CVE-2021-41773 Path Traversal

The attackers rely on virtual private networks (VPNs) to conceal their activities. They primarily direct their attacks against web applications in order to gain initial access. Many of the CVEs listed in the table allow malicious actors to stealthily gain unauthorized access to sensitive networks. They then usually try to nest and spread further in the network and other connected networks.

At the end of the article, the US authorities have listed the individual vulnerabilities and possible countermeasures. IT managers should check the list once and see whether there are still services lurking in their own network that need to be secured. Most recently, in April of this year, cyber security authorities created an overview of vulnerabilities that were generally most frequently misused for attacks in the past year. Administrators should also check this list once.

- Advertisement -

- Advertisement -

Latest articles

More like this