He explained that China-backed threat actors target and compromise major telecommunications companies and network service providers to steal credentials and collect data.
As the NSA, CISA, and FBI noted in a joint cybersecurity advisory released Tuesday, Chinese hacking groups have exploited notorious vulnerabilities to breach everything from unpatched small office/home office (SOHO) routers to medium and even large enterprise networks. Once compromised, threat actors used the devices as part of their attack infrastructure as command and control servers and proxy systems that they could use to breach further networks.
The three federal agencies said the following common vulnerabilities and risks (CVEs) are the most frequently used network device CVEs by Chinese-backed government hackers since 2020.
“The PRC has been using certain techniques and widespread vulnerabilities since 2020 to use it to its advantage in cyber campaigns,” the NSA said.
These CVEs are;
|
SALES PERSON |
CVE |
Vulnerability Type |
|
Cisco |
CVE-2018-0171 |
Remote Code Execution |
|
CVE-2019-15271 |
Remote Code Execution |
|
|
CVE-2019-1652 |
Remote Code Execution |
|
|
Citrix |
CVE-2019-19781 |
Remote Code Execution |
|
DrayTek |
CVE-2020-8515 |
Remote Code Execution |
|
D-Link |
CVE-2019-16920 |
Remote Code Execution |
|
Fortinet |
CVE-2018-13382 |
Authentication Bypass |
|
Mikrotik |
CVE-2018-14847 |
Authentication Bypass |
|
ağ aygıtı |
CVE-2017-6862 |
Remote Code Execution |
|
Nabız |
CVE-2019-11510 |
Authentication Bypass |
|
CVE-2021-22893 |
Remote Code Execution |
|
|
QNAP |
CVE-2019-7192 |
Privilege Escalation |
|
CVE-2019-7193 |
Remote Injection |
|
|
CVE-2019-7194 |
XML Redirect Deviation Attack |
|
|
CVE-2019-7195 |
XML Redirect Deviation Attack |
|
|
Zyxel |
CVE-2020-29583 |
Authentication Bypass |
The NSA, CISA, and FBI are also urging U.S. and allied governments, critical infrastructure, and private sector organizations to implement a list of mitigation measures to help reduce the risk of similar attacks that breach their networks. Federal agencies advise organizations to apply security patches as soon as possible to reduce their attack surface. They recommend disabling unnecessary ports and protocols and replacing end-of-life network infrastructure that no longer receives security patches. They also recommend segmenting networks to prevent lateral movement attempts and enabling robust logging on internet-facing services to detect intrusion attempts as soon as possible.
