Chinese hackers are targeting US gov agencies and private org by exploiting Citrix, F5, Exchange flaws

September 16, 2020

Joint statement from FBI and CyberSecurity and Infrastructure Agency (CISA) states there are certain vulnerabilities in Citrix, F5, Pulse and Microsoft Exchange servers and devices that are being exploited by Chinese sponsored hackers.

The Statement says, the malicious actors are targeting US government and private companies with the aim to publicly expose the vulnerable devices with the Internet-device engine shodan or such vulnerability database like National Vulnerabilities Database and the Common Vulnerabilities and Exposure.

Here is what the CISA together with FBI explained:

“According to a recent U.S. Department of Justice indictment, MSS-affiliated actors have targeted various industries across the United States and other countries—including high-tech manufacturing; medical device, civil, and industrial engineering; business, educational, and gaming software; solar energy; pharmaceuticals; and defense—in a campaign that lasted over ten years. These hackers acted for both their own personal gain and the benefit of the Chinese MSS.”

CISA is the National risk advisor. It aims to defend the US against today’s threats. It collaborates with their partners to provide a more secure and resilient infrastructure for the feature. The establishment date of the CISA is 16 Nov, 2018.

The noticeable flaws, according to the agency, are:

  • CVE-2020-0688: This is vulnerably detected on Microsoft Exchange Server. Hackers can use this flaw to enable mail collection of the targeted networks
  • CVE-2020-5902: Vulnerability in F5 Big- IP. Hackers can take the advantage of this vulnerability to create execute arbitrary system commands, delete or create files, execute Java code and/or disable services
  • CVE-2019-11510: This vulnerability in Pulse Secure VPN’s remote code that allows attackers to gain access to the victims’ networks.
  • CVE-2019-19781: in Citrix VPN directory traversal hole enables hackers to execute directory traversal attacks

As venders already patch each of these vulnerabilities, private companies and government agencies can now protect their networks if they deploy the latest security updates.

Hacking crews from China are always looking for soft spots they could use. For example, they target servers with holes in their bespoke web apps. They abuse available bugs and other opportunities to reach data. What FBI and CISA recommendation is” organizations routinely audit their configuration and patch management programs to ensure they can track and mitigate emerging threats. Implementing a rigorous configuration and patch management program will hamper sophisticated cyber threat actors’ operations and protect organizations’ resources and information systems”.

So, private organizations and government agencies should require patch their programs and try intrusion detection.

More Stories

Windows 11 Update: Say Bye To These Features

June 25, 2021

Massachusetts MassNotify Android COVID App Forced By Google

June 21, 2021

What’s New With Microsoft Windows 10 Build 19043.1052

June 10, 2021

You may have missed

How to Remove Deadnet Ransomware Ransomware And Recover .deadnet26 Files

September 2, 2023

How to Remove Nzoq Ransomware And Decrypt .nzoq Files

September 2, 2023

How to Remove Chromestera Browser Hijacker

September 2, 2023

Be Vigilant Of The Emails Did Not Reach Your Inbox Email Scam

September 2, 2023

Don’t Fall Prey To The View And Upload Required Documents Email Scam

September 2, 2023