U.S. security authorities issue warning about hacking activities linked to China’s Ministry of State Security targeting U.S. government agencies.
The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) issued a joint alert on September 14 stating that the U.S. continues to observe cyber threat actors affiliated with China’s Ministry of State Security (MSS), operating from within China, using publicly available information sources and common, well-known tactics, techniques, and procedures (TTPs) to attack U.S. government agency networks.
To obscure their activity, the alert says, these actors routinely pack stolen victim data into encrypted Roshal Archive (RAR) files, rename files and alter system timestamps, and often return to a network from which they previously stole data, sometimes years later. They also assess a target network’s security posture using resources such as the Shodan search engine, the Common Vulnerabilities and Exposures (CVE) database, and the National Vulnerability Database (NVD). Targets are then selected based on known vulnerabilities in applications and operating systems, and on whether those vulnerabilities have been patched in a timely manner.
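The staging and obfuscation tradecraft described above (encrypted RAR archives, renamed files, altered timestamps) can be turned into triage heuristics for a file-system sweep. The following Python script is an added example, not code from CISA, the FBI or the alert: it classifies files by content signature rather than name, reads the documented RAR 4.x header flags (MHD_PASSWORD for encrypted headers, LHD_PASSWORD for encrypted file data) and the RAR 5.x encryption-header type, and flags two timestomping indicators. The sample files and timestamps are constructed in memory, and the set of extensions under which an archive is considered "expected" is an assumption.

```python
"""Triage heuristics for the staging and obfuscation tradecraft described above:
victim data packed into encrypted RAR archives, files renamed to hide what they
are, and timestamps altered. Added example; not code from CISA, the FBI or the
alert. Sample files and timestamps are constructed in memory so it runs offline."""
import os
import struct
from datetime import datetime

RAR4_MARKER = b"Rar!\x1a\x07\x00"        # RAR 1.5-4.x marker block (7 bytes)
RAR5_MARKER = b"Rar!\x1a\x07\x01\x00"    # RAR 5.x signature (8 bytes)
MHD_PASSWORD = 0x0080                    # RAR4 MAIN_HEAD flag: block headers are encrypted
LHD_PASSWORD = 0x0004                    # RAR4 FILE_HEAD flag: file data is encrypted
RAR5_ENCRYPTION_HEADER = 4               # RAR5 header type that precedes encrypted headers
# Extensions where archive content is expected; a RAR signature under any other
# name is a renamed archive. The set itself is an assumption for this example.
ARCHIVE_EXTENSIONS = {".rar", ".r00", ".r01", ".zip", ".7z"}


def _vint(buf, pos):
    """Decode a RAR5 variable-length integer (7 data bits per byte, high bit = more)."""
    value, shift = 0, 0
    while pos < len(buf):
        b = buf[pos]
        pos += 1
        value |= (b & 0x7F) << shift
        shift += 7
        if not b & 0x80:
            return value, pos
    raise ValueError("truncated vint")


def rar_info(data):
    """Classify content by signature, ignoring the file name.
    Returns (format, encryption): format in {'RAR4', 'RAR5', None},
    encryption in {'headers', 'data', None}."""
    if data.startswith(RAR5_MARKER):
        pos = len(RAR5_MARKER) + 4                 # skip signature and header CRC32
        _size, pos = _vint(data, pos)
        htype, _ = _vint(data, pos)
        # Per-file data encryption in RAR5 sits in file-header extra records; not parsed here.
        return "RAR5", "headers" if htype == RAR5_ENCRYPTION_HEADER else None
    if data.startswith(RAR4_MARKER):
        # MAIN_HEAD layout: CRC(2) TYPE(1)=0x73 FLAGS(2) SIZE(2) ...
        base = len(RAR4_MARKER)
        if len(data) < base + 7 or data[base + 2] != 0x73:
            return "RAR4", None
        flags, size = struct.unpack_from("<HH", data, base + 3)
        if flags & MHD_PASSWORD:
            return "RAR4", "headers"               # every block after MAIN_HEAD is encrypted
        # First FILE_HEAD follows MAIN_HEAD: CRC(2) TYPE(1)=0x74 FLAGS(2) ...
        fh = base + size
        if len(data) >= fh + 5 and data[fh + 2] == 0x74:
            (fflags,) = struct.unpack_from("<H", data, fh + 3)
            if fflags & LHD_PASSWORD:
                return "RAR4", "data"
        return "RAR4", None
    return None, None


def timestamp_findings(created, modified):
    """Timestomping indicators. Both are heuristics, not proof: file copies keep the
    source's modification time, and FAT or some backup tools store whole seconds."""
    findings = []
    if modified < created:
        findings.append("modified before created")
    if created.microsecond == 0 and modified.microsecond == 0:
        findings.append("zeroed sub-second timestamps")
    return findings


def assess(name, data, created, modified):
    """Return the list of findings for one file (empty list = nothing notable)."""
    findings = []
    fmt, enc = rar_info(data)
    ext = os.path.splitext(name)[1].lower()
    if fmt and ext not in ARCHIVE_EXTENSIONS:
        findings.append(f"{fmt} content under non-archive name")
    if enc:
        findings.append(f"{fmt} with encrypted {enc}")
    findings.extend(timestamp_findings(created, modified))
    return findings


def build_samples():
    """Constructed sample files (header bytes only, as a scanner would read them)."""
    def main_head(flags):
        return b"\x00\x00\x73" + struct.pack("<HH", flags, 13) + b"\x00" * 6
    rar4_headers_enc = RAR4_MARKER + main_head(MHD_PASSWORD) + b"\x11" * 16
    rar4_data_enc = (RAR4_MARKER + main_head(0) + b"\x00\x00\x74"
                     + struct.pack("<HH", 0x8000 | LHD_PASSWORD, 40) + b"\x00" * 33)
    rar5_headers_enc = (RAR5_MARKER + b"\x00" * 4
                        + bytes([0x0A, RAR5_ENCRYPTION_HEADER, 0x00]) + b"\x22" * 24)
    plain = b"Quarterly report\r\n"
    return [
        (r"C:\Users\Public\pictures.jpg", rar4_headers_enc,
         datetime(2018, 3, 2, 8, 0), datetime(2015, 1, 1, 0, 0)),
        (r"D:\temp\backup.rar", rar4_data_enc,
         datetime(2020, 6, 1, 9, 30, 12, 345678), datetime(2020, 6, 1, 10, 2, 5, 120000)),
        (r"C:\Windows\Temp\~tmp0001.tmp", rar5_headers_enc,
         datetime(2020, 9, 1, 1, 2, 3), datetime(2020, 9, 1, 1, 2, 3)),
        (r"C:\Users\alice\report.docx", plain,
         datetime(2020, 5, 1, 9, 0, 0, 500), datetime(2020, 5, 3, 11, 0, 0, 250)),
    ]


def scan(samples):
    """Map each file name to its findings; files with no findings are omitted."""
    report = {}
    for name, data, created, modified in samples:
        findings = assess(name, data, created, modified)
        if findings:
            report[name] = findings
    return report


if __name__ == "__main__":
    for name, findings in scan(build_samples()).items():
        print(name, "->", "; ".join(findings))
```

The content check matters more than the name check: a renamed archive is caught only because the signature is read from the bytes, so a real sweep should feed `assess` the first few dozen bytes of every file, not just those with archive extensions. Treat the timestamp findings as triage signals to corroborate with other evidence (for example NTFS $FILE_NAME timestamps, which the alteration tools usually leave untouched), since ordinary copies and some filesystems produce the same pattern.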
Cyber threat actors affiliated with China’s MSS have also attacked various industries in the United States and other countries, including high-tech manufacturing, medical devices, civil engineering, solar energy, pharmaceuticals, and defense, in a campaign that has lasted more than a decade, according to the U.S. Department of Justice indictment cited in the joint alert. The hackers acted both for their own gain and for the benefit of the MSS.
Cyber threat actors associated with China’s MSS continue to rely on open-source information and tools to launch their attacks, which shows that they can identify and exploit target networks with relatively little sophistication, the joint alert said. These attacks succeed in most cases because of system misconfigurations and immature patch management programs that let the actors plan and execute attacks against existing, publicly known vulnerabilities. Widespread adoption of rigorous configuration and patch management programs would significantly improve network security and reduce the frequency of such attacks by forcing adversaries to spend time and money researching unknown vulnerabilities and developing custom exploitation tools, the alert concludes.