The National Security Agency (NSA) recently issued a warning about 25 patchable bugs that are being leveraged by Chinese hackers to infiltrate American networks. The vulnerabilities apparently affect products that are mostly used for external web services or remote access.
Chinese hacking threat
“NSA is aware that National Security Systems, Defense Industrial Base, and Department of Defense networks are consistently scanned, targeted, and exploited by Chinese state-sponsored cyber actors… NSA recommends that critical system owners consider these actions a priority, in order to mitigate the loss of sensitive information that could impact U.S. policies, strategies, plans, and competitive advantage,” the agency said, as reported by Cyberscoop.
The NSA’s list of Common Vulnerabilities and Exposures (CVEs) covers a wide range of products, including domain controllers as well as application and email servers. The common thread is that the hackers turn to tools that manage connections between networks and the Internet.
The NSA points out that a large portion of the vulnerabilities can be exploited by hackers using tools that are freely available on the Internet. Most of the CVEs were identified within the last two years. Mitigation strategies and patches for all 25 security flaws already exist. The only thing left is for the affected entities to install the patches from their vendors.
The importance of the NSA revelation lies in the exposé that the Chinese government is actively backing hackers to break into the networks of the Department of Defense, national security systems, and America’s defense industrial base. Anne Neuberger, the director of the NSA Cybersecurity Directorate, notes that even though patching the security flaws can be hard, the agency’s exposé of the vulnerabilities will allow cybersecurity professionals to quickly secure their systems.
In March, Firefly Research warned that Chinese state-sponsored hackers were targeting American business sectors like manufacturing, transportation, healthcare, petrochemical, telecommunications, and finance.
In September, the Department of Defense released its 2020 report to Congress, specifically highlighting the growing threat of Chinese hackers. The report warned that the stolen information could allow China’s People’s Liberation Army cyber forces to construct an operational picture of America’s military disposition and capabilities, logistics, and defense networks.
The PLA will be able to use this information against U.S. forces during a crisis. In the same month, the U.S. Justice Department charged 5 Chinese nationals with hacking more than 100 companies and organizations in the United States and other nations.
US election and hackers
The U.S. presidential election has attracted a large number of hackers, not just from China, but also from Russia and Iran. The U.S. Cyber Command has been keeping track of such malicious foreign hackers since before the election began, something that is expected to continue after the final vote has been cast.
Some of the activities of Russian actors have apparently resulted in incidental contact with the U.S. election infrastructure. China and Iran have been conducting disinformation campaigns in the United States. Security officials have warned American citizens to remain calm during the election period. Cyber Command is responsible for the U.S. military’s defensive and offensive operations online. It was largely kept on the sidelines, but from 2018 Cyber Command became more aggressive in its operations.