The Cybersecurity and Infrastructure Security Agency (CISA), a national risk advisor that forms part of the US Department of Homeland Security, pulled no punches in an "alert" about China published on its website.
"[CISA]," it said, "has consistently observed Chinese Ministry of State Security (MSS)-affiliated cyber threat actors using publicly available information sources and common, well-known tactics, techniques and procedures to target US government agencies."
The hackers have also targeted private sector companies and other entities, exploiting vulnerabilities in F5 BIG-IP devices, Citrix and Pulse Secure VPNs and Microsoft Exchange servers.
The report comes against a backdrop of US sanctions against Chinese supplier Huawei, which President Donald Trump has repeatedly claimed is at the beck and call of the Chinese state.
The latest CISA report on China looks bound to fuel those suspicions, even though it made no explicit mention of the Chinese supplier.
All too easy

Aside from the ongoing cyberattacks, CISA expressed anxiety that "continued use of open-source tools by Chinese MSS-affiliated cyber threat actors highlights that adversaries can use relatively low-complexity capabilities to identify and exploit target networks."
In most cases, bemoaned the national risk advisor, cyber operations are successful because misconfigurations and immature patch management programs allow actors to plan and execute attacks using existing vulnerabilities and known exploits.
One trick up the sleeves of malevolent actors is misappropriation of legitimate information sources such as Shodan, the Common Vulnerabilities and Exposures (CVE) database, and the National Vulnerability Database (NVD).
Shodan is an Internet search engine that can be used to identify vulnerable devices connected to the Internet.
The CVE database and the NVD contain detailed information about vulnerabilities in applications, appliances and operating systems that can be exploited by cyber threat actors if they remain unpatched.
"Widespread implementation of robust configuration and patch management programs would greatly increase network security," said CISA.
"It would also reduce the speed and frequency of opportunistic attacks by forcing threat actors to dedicate time and funding to research unknown vulnerabilities and develop custom exploitation tools."
CISA has also observed Chinese MSS-affiliated actors in the last 12 months use spear-phishing emails with embedded links to actor-owned infrastructure in order to gain initial access to the target network.
Spear-phishing emails have also been used, said CISA, "to compromise or poison legitimate sites to enable cyber operations."
According to a recent US Department of Justice indictment, two Chinese MSS-affiliated hackers – in a campaign that allegedly lasted more than ten years – targeted various industries across the US and other countries.
Sectors in the firing line included high-tech manufacturing; medical device, civil, and industrial engineering; business, educational, and gaming software; solar energy; pharmaceuticals; and defense.
The two hackers, claimed the US Department of Justice, acted for both their own personal gain and the benefit of the Chinese MSS.
— Ken Wieland, contributing editor, special to Light Reading