NSA details top 25 vulnerabilities to patch immediately
The NSA says Chinese state-sponsored hackers are actively exploiting these bugs in the wild
The USA's National Security Agency (NSA) has released an advisory for government organisations and private entities, detailing 25 security vulnerabilities that Chinese cyber actors are actively exploiting in the wild.
According to the NSA, all of these bugs are publicly known and patches are available from vendors.
The agency said that Chinese state-sponsored hackers are scanning for and targeting these bugs in an effort to gain initial access to victim networks. To achieve their goals, they generally use products "that are directly accessible from the Internet and act as gateways to internal networks," the NSA said in its advisory.
"The majority of the products are either for remote access (T1133) or for external web services (T1190), and should be prioritised for immediate patching," it added.
Chinese state-sponsored hackers typically use the same process as other sophisticated actors to exploit a system. After identifying a target, they try to collect technical data and identify security vulnerabilities linked to it. Then they develop (or reuse) an exploit and start their cyber operation.
The NSA said that it has observed some ransomware and low-level malware gangs exploiting these bugs, in addition to state-sponsored actors from Iran and Russia. The cyber agency has also tracked multiple Chinese attacks in recent months aimed at compromising the information networks of the US Department of Defense, the US Defense Industrial Base, and National Security Systems.
The list of security vulnerabilities includes bugs like Zerologon in Microsoft Windows as well as other critical vulnerabilities affecting Citrix Gateway, Windows Server, Pulse Connect Secure, Adobe ColdFusion, F5 BIG-IP proxy/load balancer devices, Oracle WebLogic Server and other products.
The security bugs are:
- CVE-2019-11510
- CVE-2019-19781
- CVE-2020-15505
- CVE-2019-11580
- CVE-2020-10189
- CVE-2019-18935
- CVE-2020-5902
- CVE-2020-8193
- CVE-2020-8196
- CVE-2020-8195
- CVE-2020-1350
- CVE-2020-1472
- CVE-2019-0708
- CVE-2019-1040
- CVE-2020-0688
- CVE-2018-6789
- CVE-2018-4939
- CVE-2020-2555
- CVE-2015-4852
- CVE-2019-3396
- CVE-2019-0803
- CVE-2020-0601
- CVE-2017-6327
- CVE-2020-8515
- CVE-2020-3118
The US security agency is urging organisations to immediately patch their systems for these vulnerabilities to mitigate the loss of sensitive information that could impact US policies, strategies, plans and competitive advantage.