NSA Reveals the Top 25 Vulnerabilities Exploited by Chinese Nation-State Hackers

  /     /     /  
Publicated : 23/11/2024   Category : security


NSA Reveals the Top 25 Vulnerabilities Exploited by Chinese Nation-State Hackers


Officials urge organizations to patch the vulnerabilities most commonly scanned for, and exploited by, Chinese attackers.



The US National Security Agency (NSA) today published a list of the top 25 publicly known vulnerabilities most often scanned for and targeted by state-sponsored attackers out of China.
Chinese state-sponsored cyber activity is one of the greatest threats to US National Security Systems, the US Defense Industrial Base, and Department of Defense information networks, the NSA writes in its advisory. This activity often includes a range of tactics and techniques to target networks for sensitive intellectual property and economic, political, and military information.
These attackers typically use the same process as other sophisticated actors: they first identify their target, gather technical data, identify vulnerabilities linked to the target, develop or reuse an exploit, and then launch their attack operation. 
Most of the vulnerabilities on the NSAs list can be exploited to gain initial access into victim networks using products that are directly accessible from the Internet and act as gateways into internal networks. Most of these products are used for remote access or external Web services, and should be prioritized for immediate patching, NSA officials say.
This list includes recently disclosed flaws like
Zerologon
in Microsoft Windows and other vulnerabilities in Windows, Windows Server, Citrix Gateway, Pulse Connect Secure, F5 BIG-IP proxy/load balancer devices, Adobe ColdFusion, Oracle WebLogic Server, and other products and services. 
The NSA advises organizations to prioritize patching these 25 vulnerabilities and notes this is a non-exhaustive list of what is available to, and used by, Chinese attackers; however, these flaws are those known to be operationalized by China. 
Read the NSAs
cybersecurity advisory
for more details.

Last News

▸ 7 arrested, 3 more charged in StubHub cyber fraud ring. ◂
Discovered: 23/12/2024
Category: security

▸ Nigerian scammers now turning into mediocre malware pushers. ◂
Discovered: 23/12/2024
Category: security

▸ Beware EMV may not fully protect against skilled thieves. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
NSA Reveals the Top 25 Vulnerabilities Exploited by Chinese Nation-State Hackers