NSA advisory: Chinese state-sponsored hackers exploit flaws since 2020

U.S. government agencies share insights on Chinese hacker activities and exploitation methods to warn people

China has become brazen, doubling down on hacker activities to steal property and compromise networks

Chinese state-sponsored hackers have become brazen, actively using known flaws to gain access to sensitive networks. The Dynamic National Security Agency reports call these attackers a major threat to critical infrastructure and election security in a recent advisory.^[1] CISA, the FBI, and NSA revealed the top security vulnerabilities that are mainly exploited by hackers backed by the government of China. These PRC hackers target government and critical infrastructure networks.^[2]

Agencies report in the joined advisory^[3] that Chinese-sponsored hackers are targeting the U.S. and other networks of technology companies. These threat actors rely on gaining access to related networks, so sensitive data, and intellectual property can be stolen.

NSA, CISA, and FBI continue to assess PRC state-sponsored cyber activities as being one of the largest and most dynamic threats to U.S. government and civilian networks.

The advisory is repealed to inform people and federal, state, local, tribal and territorial government, critical infrastructures, and private sectors about particular trends and persistent tactics, methods, and procedures of these hackers. It is especially important when the elections in the U.S. are coming up.^[4]

Listed security flaws, detection methods, vulnerable technologies

The advisory reports possible mitigations for each of the security flaws that are most exploited by Chinese threat actors. Detection methods and vulnerable technologies are also listed to help people defenders to notice and block attack attempts before the incident.

These security flaws have been exploited by particular Chinese-backed state hackers since 2020. The list includes the major Apache Log4j^[5] and Microsoft vulnerabilities that have created havoc since the discovery and the start of exploitation by various hacker groups.

Particular Chinese hackers have become the group that is doubling down on the activities to steal intellectual property and compromise sensitive networks. Criminals establish persistence and move laterally across the interconnected networks, so state-sponsored actors can create havoc in U.S. critical infrastructure, election systems, national security systems, and the Department of Defense.

Dangers of cyber attacks of state-sponsored gangs

Particular mitigation measures include recommendations to governments, critical infrastructures, and private sector organizations to apply the measures to defend against Chinese-sponsored cyber-attacks. Organizations can apply security patches and use phishing-resistant multi-factor authentication when it is possible. Replacing end-of-life- networking infrastructure can also help.

Agencies say that it is not easy to compromise election infrastructure various state-backed actors from Russia, China, and other countries with interest in U.S. elections can still try to break the security of systems. FBI and other advisories try to calm the panic and concerns regarding the midterm elections of 2022. Maliciosu hackers target election infrastructure in large-scale disruptions or try to prevent people from voting.

CISA reports that they have encountered zero reports on these attempts to prevent people from registering to vote or compromising the integrity of any ballots, or ballot cast, avoiding the accuracy of voter registration information. These attempts can be localized, but agencies can block and mitigate incidents successfully with minimal or even no disruption to election processes.

These campaigns can be widespread and dangerous, so any security measures that can be implemented should be taken into consideration. No matter if these hackers are state-sponsored Chinese groups or local criminals that want to change election results to their side. Security measures overall are important for everyday users too, not only the government agencies and companies or organizations.