
US agency red flags Chinese state-affiliated cyberattacks

News Analysis Ken Wieland, contributing editor 9/15/2020

The Cybersecurity and Infrastructure Security Agency (CISA), a national risk advisor that forms part of the US Department of Homeland Security, pulled no punches in an "alert" about China published on its website.

"[CISA]," it said, "has consistently observed Chinese Ministry of State Security (MSS)-affiliated cyber threat actors using publicly available information sources and common, well-known tactics, techniques and procedures to target US government agencies."

Gotcha: Spear-phishing emails are targeted, using personal information to mimic authentic mail and fool people into trusting them. (Source: Gerry Lauzon on Flickr CC 2.0)

The hackers have also targeted private sector companies and other entities, exploiting vulnerabilities in F5 BIG-IP devices, Citrix and Pulse Secure VPNs and Microsoft Exchange servers.

The report comes against a backdrop of US sanctions against Chinese supplier Huawei, which President Donald Trump has repeatedly claimed is at the beck and call of the Chinese state.

The latest CISA report on China looks bound to fuel those suspicions, even though it made no explicit mention of the Chinese supplier.


All too easy
Aside from the ongoing cyberattacks, CISA expressed anxiety that "continued use of open-source tools by Chinese MSS-affiliated cyber threat actors highlights that adversaries can use relatively low-complexity capabilities to identify and exploit target networks."

In most cases, bemoaned the national risk advisor, cyber operations are successful because misconfigurations and immature patch management programs allow actors to plan and execute attacks using existing vulnerabilities and known exploits.

One trick up the sleeves of malevolent actors is misappropriation of legitimate information sources such as Shodan, the Common Vulnerabilities and Exposures (CVE) database, and the National Vulnerability Database (NVD).

Shodan is an Internet search engine that can be used to identify vulnerable devices connected to the Internet.

The CVE database and the NVD contain detailed information about vulnerabilities in applications, appliances and operating systems that can be exploited by cyber threat actors if they remain unpatched.

"Widespread implementation of robust configuration and patch management programs would greatly increase network security," said CISA.

"It would also reduce the speed and frequency of opportunistic attacks by forcing threat actors to dedicate time and funding to research unknown vulnerabilities and develop custom exploitation tools."

Gone spear-phishing
CISA has also observed Chinese MSS-affiliated actors in the last 12 months use spear-phishing emails with embedded links to actor-owned infrastructure in order to gain initial access to the target network.

Spear-phishing emails have also been used, said CISA, "to compromise or poison legitimate sites to enable cyber operations."

According to a recent US Department of Justice indictment, two Chinese MSS-affiliated hackers – in a campaign that allegedly lasted more than ten years – targeted various industries across the US and other countries.

Sectors in the firing line included high-tech manufacturing; medical device, civil, and industrial engineering; business, educational, and gaming software; solar energy; pharmaceuticals; and defense.

The two hackers, claimed the US Department of Justice, acted for both their own personal gain and the benefit of the Chinese MSS.

— Ken Wieland, contributing editor, special to Light Reading
