CISA believes Chinese state-sponsored hackers are targeting critical cyberinfrastructure in the US and other countries by exploiting unpatched vulnerabilities.
The US Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory on Monday to inform the federal government and private sector entities about a new wave of cyberattacks against targeted against them by Chinese state-sponsored hackers.
The advisory also emphasized the need to patch flaws in several critical software and devices, including F5 BIG-IP devices, Pulse Secure VPNs, Citrix VPN, and Microsoft Exchange servers.
The advisory should not come as a surprise because:
1: Hackers leaked highly sensitive data of 900 Pulse Secure VPN servers on a hacker forum last month.
2: Hackers were found exploiting a critical vulnerability in the Microsoft Exchange server in March 2020.
3: Citrix VPN suffered a data breach in 2019 in which 6TB of data from the enterprise software developer was stolen – An easy way for hackers to exploit flaws.
The US government revealed that Chinese threat actors had targeted many public and private sector entities in the past few months by compromising vulnerabilities in the programs mentioned above. Victims were identified via sources like Shodan and the National Vulnerabilities Database (NVD).
Th ..
Support the originator by clicking the read the rest link below.
