NSA/CSS - National Security Agency - Central Security Service
10/06/2022 | Press release | Distributed by Public on 10/06/2022 12:02
NSA, CISA, FBI Reveal Top CVEs Exploited by Chinese State-Sponsored Actors
In a Cybersecurity Advisory released today, the National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI) exposed the "Top Common Vulnerabilities and Exposures (CVEs) Actively Exploited by People's Republic of China State-Sponsored Cyber Actors" since 2020.
The report highlights how PRC cyber actors continue to exploit these weaknesses to gain unauthorized access into sensitive networks, establish persistence, and move laterally to other internally connected networks.
The actors have targeted government and critical infrastructure networks with an increasing array of new and adaptive techniques - some of which pose a significant risk to Information Technology Sector organizations (including telecommunications providers), Defense Industrial Base (DIB) Sector organizations, and other critical infrastructure organizations.
All of the CVEs featured in the advisory are publicly known. The top recommended mitigation is to patch these and other known exploited vulnerabilities.
NSA, CISA, and FBI urge U.S. and allied governments, critical infrastructure, and private sector organizations to apply the recommended mitigations to strengthen their defenses and reduce threat of compromise from PRC state-sponsored malicious cyber actors.
Read the full report.
Visit our full library for more cybersecurity information and technical guidance.
The report highlights how PRC cyber actors continue to exploit these weaknesses to gain unauthorized access into sensitive networks, establish persistence, and move laterally to other internally connected networks.
The actors have targeted government and critical infrastructure networks with an increasing array of new and adaptive techniques - some of which pose a significant risk to Information Technology Sector organizations (including telecommunications providers), Defense Industrial Base (DIB) Sector organizations, and other critical infrastructure organizations.
All of the CVEs featured in the advisory are publicly known. The top recommended mitigation is to patch these and other known exploited vulnerabilities.
NSA, CISA, and FBI urge U.S. and allied governments, critical infrastructure, and private sector organizations to apply the recommended mitigations to strengthen their defenses and reduce threat of compromise from PRC state-sponsored malicious cyber actors.
Read the full report.
Visit our full library for more cybersecurity information and technical guidance.