Chinese state-sponsored actors continue to exploit known, common vulnerabilities against major telecommunications companies and network service providers in an effort to compromise a network of infrastructure worldwide, U.S. agencies warned on Tuesday evening.
“These actors use the network to exploit a wide variety of targets worldwide, including public and private sector organizations,” says a joint Cybersecurity Advisory issued by the National Security Agency, Cybersecurity and Infrastructure Security Agency, and the FBI.
Exploiting vulnerabilities that are already publicly known means that People’s Republic of China (PRC) state-sponsored actors don’t need to deploy their own malware to access networks, the advisory says.
“Since 2020, PRC state-sponsored cyber actors have conducted widespread campaigns to rapidly exploit publicly identified security vulnerabilities, also known as common vulnerabilities and exposures (CVEs),” the advisory warns. “This technique has allowed the actors to gain access into victim accounts using publicly available exploit code against virtual private network services or public facing applications without using their own distinctive or identifying malware, so long as the actors acted before victim organizations updated their systems.”
The advisory lists the vendors and the top network device CVEs favored by the PRC state-sponsored actors. It also lists a number of mitigations, including best practices such as applying network patches as soon as possible, implementing a centralized patch management system, replacing end-of-life infrastructure, segmenting networks, requiring multi-factor authentication for all users, and disabling unnecessary ports and protocols.