The top 25 vulnerabilities
According to the report, Chinese state-sponsored hackers were seen abusing these vulnerabilities to launch strategic hacking operations against a multitude of victim networks.
Most of these vulnerabilities belong to products related to remote access or external web services. Such products, accessible via the internet, are often exploited to gain initial access inside the victim’s network.
Exploits in the enterprise products including gateways (including Citrix ADC and Gateway, Symantec Messaging Gateway), VPN (Pulse Secure VPN), load balancers (F5 BIG-IP), etc. could provide direct remote access to the attackers.
Several vulnerabilities in the list target Windows OS and its services, such as Remote Desktop Services (Blukeep vulnerability), Netlogon (Zerologon), DNS server (SigRed), etc.
Additional products include business applications such as email servers (such as Microsoft Exchange, Exim mail), and application servers (such as Oracle WebLogic, Zoho ManageEngine, Adobe ColdFusion), that are being targeted by Chinese hackers.
Recent exploitation of these flaws
Not only Chinese hackers but several other low-level malware groups, ransomware gangs, and other state-sponsored hackers (including Russia, and Iran) were seen exploiting the above-mentioned vulnerabilities.
Threats actors such as TA505,
Support the originator by clicking the read the rest link below.
