CISA and the FBI recently warned that China-sponsored hackers are targeting flaws in Exchange, Citrix, and F5 products, activity that CISA has observed for a long time.
The hackers are using publicly accessible data sources and common, well-known tactics, techniques, and procedures (TTPs) to target U.S. Government agencies.
CISA says in one of its reports that many Chinese hackers have probed U.S. government networks for the presence of conventional networking devices over the past years. They have also used exploits for newly disclosed vulnerabilities to gain a foothold on sensitive networks.
Over the last 12 months, CISA has observed Chinese MSS-affiliated hackers using spearphishing emails with embedded links. In some cases, the hackers compromise or poison legitimate sites to enable their cyber operations.
The hackers are using Initial Access [TA0001] methods, and according to the report published by CISA, they can continue to launch these types of low-complexity attacks effectively.
The vulnerabilities that CISA has seen targeted by Chinese MSS-affiliated hackers are described below:
This vulnerability enables a remote threat actor to access the Traffic Management User Interface (TMUI) of the BIG-IP application delivery controller (ADC) without authentication and then perform remote code execution.
This vulnerability is present in Citrix Application Delivery Controller (ADC), Citrix Gateway, and Citrix SD-WAN WANOP. It enables remote unauthenticated hackers to execute commands remotely.
This vulnerability allows unauthenticated remote hackers to send specially crafted URIs to connect to unprotected servers and read sensitive files, including user credentials.
This vulnerability is present in the Exchange Control Panel (ECP) component, and it is caused by Exchange's failure to generate unique cryptographic keys after installation.
According to CISA, the threat actors have used the most common exploit toolkits to attack the targeted networks, which are mentioned below:
Apart from this, CISA is still trying to identify all the loopholes used in this attack, and it also affirmed that there is a possibility that the hackers used open-source resources and tools to target networks with a weak security posture.
CISA, along with the FBI, recommended that all businesses audit their configuration and patch management plans on a day-to-day basis. Doing this will ensure that they can track and mitigate developing threats, and running a meticulous configuration and patch management program will hinder sophisticated hackers.
That is why CISA has also asserted that every private organization should have explicit knowledge of the tactics, techniques, and procedures (TTPs) that have been used by the threat actors.