Security News > 2020 > September > Chinese Hackers Using Publicly Available Resources in Attacks on U.S. Government
Published with contribution from the FBI, the alert presents some of the tactics, techniques, and procedures that the Chinese state-sponsored hackers are employing in attacks on the U.S., such as the heavy use of publicly available tools to hinder attribution.
According to CISA, threat actors affiliated with the Chinese MSS use open-source information in the planning stage of their operations, and engage target networks leveraging readily available exploits and toolkits.
The threat actors, CISA also says, have the ability to "Build and maintain relatively low-complexity capabilities" in support of attacks on federal government networks.
The agency also reveals that it has observed beaconing activity on government networks compromised by Chinese actors, brute-force attacks leveraging credentials available on the Internet, suspicious network scanning activity for ports on target networks, and the targeting of CVE-2020-0688 "To collect emails from the exchange servers found in Federal Government environments."
"CISA asserts with high confidence that sophisticated cyber threat actors will continue to use open-source resources and tools to target networks with a low security posture. When sophisticated cyber threat actors conduct operations against soft targets, it can negatively impact critical infrastructure, federal, and state, local, tribal, territorial government networks, possibly resulting in loss of critical data or personally identifiable information," CISA notes.
News URL
Related news
- Chinese hackers targeted sanctions office in Treasury attack (source)
- US sanctions Chinese firm for hacking firewalls in ransomware attacks (source)
- US sanctions Chinese cybersecurity company for firewall compromise, ransomware attacks (source)
- US names Chinese national it alleges was behind 2020 attack on Sophos firewalls (source)
- U.S. Charges Chinese Hacker for Exploiting Zero-Day in 81,000 Sophos Firewalls (source)
- US Sanctions Chinese Cybersecurity Firm for 2020 Ransomware Attack (source)
- 390,000 WordPress accounts stolen from hackers in supply chain attack (source)
- Hackers Use Microsoft MSC Files to Deploy Obfuscated Backdoor in Pakistan Attacks (source)
- Russian hackers use RDP proxies to steal data in MiTM attacks (source)
- White House links ninth telecom breach to Chinese hackers (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-11 | CVE-2020-0688 | Improper Authentication vulnerability in Microsoft Exchange Server A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka 'Microsoft Exchange Memory Corruption Vulnerability'. | 8.8 |