Chinese Hackers Using Publicly Available Resources in Attacks on U.S. Government

Threat actors affiliated with the Chinese Ministry of State Security (MSS) continue to target U.S. government agencies, the Cybersecurity and Infrastructure Security Agency (CISA) says in a new alert.


Published with contribution from the FBI, the alert presents some of the tactics, techniques, and procedures (TTPs) that the Chinese state-sponsored hackers are employing in attacks on the U.S., such as the heavy use of publicly available tools to hinder attribution.


CISA’s alert arrives a couple of months after the U.S. indicted two Chinese hackers for the targeting of organizations in the defense, high-tech manufacturing, engineering, software (business, educational, and gaming), solar energy, and pharmaceuticals sectors for more than ten years.


According to CISA, threat actors affiliated with the Chinese MSS use open-source information in the planning stage of their operations, and engage target networks leveraging readily available exploits and toolkits.


Over the past 12 months, CISA says, the hackers were observed leveraging the Common Vulnerabilities and Exposures (CVE) database, the National Vulnerability Database (NVD), Shodan, and other information sources to identify vulnerable targets, understand specific security issues, and discover exploitable systems.


“While using these data sources, CISA analysts have observed a correlation between the public release of a vulnerability and targeted scanning of systems identified as being vulnerable. This correlation suggests that cyber threat actors also rely on Shodan, the CVE database, the NVD, and other open-source information to identify targets of opportunity and plan cyber operations,” CISA reveals.


The adversaries are continuously targeting, scanning, and probing for significant vulnerabilities and th ..
