Chinese hackers are targeting US government agencies and private organizations by exploiting Citrix, F5, Pulse and Exchange flaws

A joint statement from the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) states that certain vulnerabilities in Citrix, F5, Pulse Secure and Microsoft Exchange servers and devices are being exploited by Chinese state-sponsored hackers.

The statement says the malicious actors are targeting US government agencies and private companies, finding publicly exposed vulnerable devices with the Internet-connected-device search engine Shodan and with vulnerability databases such as the National Vulnerability Database (NVD) and the Common Vulnerabilities and Exposures (CVE) list.

Here is what CISA, together with the FBI, explained:

“According to a recent U.S. Department of Justice indictment, MSS-affiliated actors have targeted various industries across the United States and other countries—including high-tech manufacturing; medical device, civil, and industrial engineering; business, educational, and gaming software; solar energy; pharmaceuticals; and defense—in a campaign that lasted over ten years. These hackers acted for both their own personal gain and the benefit of the Chinese MSS.”

CISA is the nation's risk advisor. It aims to defend the US against today's threats and collaborates with its partners to provide a more secure and resilient infrastructure for the future. CISA was established on 16 November 2018.

The noticeable flaws, according to the agency, are:

  • CVE-2020-0688: A vulnerability in Microsoft Exchange Server. Attackers can use this flaw to enable mail collection from the targeted networks.
  • CVE-2020-5902: A vulnerability in F5 BIG-IP. Attackers can take advantage of this vulnerability to execute arbitrary system commands, create or delete files, execute Java code and/or disable services.
  • CVE-2019-11510: A remotely exploitable vulnerability in Pulse Secure VPN that allows attackers to gain access to victims' networks.
  • CVE-2019-19781: A directory traversal vulnerability in Citrix VPN that enables attackers to carry out directory traversal attacks.
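The last item in the list is a directory traversal flaw, and the advisory's closing recommendation is intrusion detection. The following is an added example, not code from the article or from CISA/FBI: a small detector that scans web server access logs for traversal attempts. It handles the evasions defenders most often miss (percent-encoded and double-encoded `..`, backslash separators) and distinguishes a request that merely contains `..` from one whose path climbs above the web root. The log lines are constructed for the example, and the check is generic rather than tied to any product-specific indicator, since the article gives none.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines in Common Log Format (not from the article).
SAMPLE_LOG = """\
203.0.113.10 - - [01/Oct/2020:10:00:01 +0000] "GET /portal/index.html HTTP/1.1" 200 512
203.0.113.11 - - [01/Oct/2020:10:00:02 +0000] "GET /portal/../../config/app.conf HTTP/1.1" 200 1024
203.0.113.12 - - [01/Oct/2020:10:00:03 +0000] "GET /portal/%2e%2e/%2e%2e/etc/passwd HTTP/1.1" 404 220
203.0.113.13 - - [01/Oct/2020:10:00:04 +0000] "GET /portal/%252e%252e/secret HTTP/1.1" 200 300
203.0.113.14 - - [01/Oct/2020:10:00:05 +0000] "GET /static/js/app.js?v=2 HTTP/1.1" 200 4096
203.0.113.15 - - [01/Oct/2020:10:00:06 +0000] "GET /portal/..%5c..%5cwindows/win.ini HTTP/1.1" 200 180
"""

# client, timestamp, request line ("METHOD target PROTOCOL"), status code.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Bound on repeated decoding so a pathological input cannot loop forever.
MAX_DECODE_ROUNDS = 3


def fully_decode(target: str):
    """Percent-decode repeatedly until the value stops changing.

    Returns (decoded, rounds); rounds > 1 means the request was multiply encoded,
    which is itself a strong signal that someone is trying to slip past a filter.
    """
    decoded, rounds = target, 0
    for _ in range(MAX_DECODE_ROUNDS):
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded, rounds = nxt, rounds + 1
    return decoded, rounds


def analyze_path(target: str) -> dict:
    """Classify one request target for directory-traversal behaviour."""
    path = target.split('?', 1)[0]          # the query string is irrelevant here
    decoded, rounds = fully_decode(path)
    # Treat '/' and '\' alike: mixed separators are a classic filter bypass.
    segments = [s for s in re.split(r'[\\/]+', decoded) if s]
    depth, traversal, escape = 0, False, False
    for seg in segments:
        if seg == '..':
            traversal = True
            depth -= 1
            if depth < 0:
                escape = True               # path climbed above the web root
        elif seg != '.':
            depth += 1
    return {'decoded': decoded, 'decode_rounds': rounds,
            'traversal': traversal, 'escape': escape}


def scan_log(text: str) -> list:
    """Return one finding per request that contains a '..' segment after decoding."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        info = analyze_path(m['target'])
        if info['traversal']:
            findings.append({'client': m['client'], 'target': m['target'],
                             'status': int(m['status']), **info})
    return findings


if __name__ == '__main__':
    for f in scan_log(SAMPLE_LOG):
        sev = 'HIGH' if f['escape'] and f['status'] == 200 else 'MEDIUM'
        print(f"{sev} {f['client']} {f['target']} -> {f['decoded']} "
              f"(decode rounds={f['decode_rounds']}, escape={f['escape']})")
```

Run over the constructed log, four of the six requests are flagged; the ones that both escape the root and received a 200 response are the ones worth paging on, because a 404 means the traversal was attempted but the server did not serve anything. The `decode_rounds` value is a useful secondary indicator: legitimate clients almost never double-encode a path.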

As vendors have already patched each of these vulnerabilities, private companies and government agencies can protect their networks by deploying the latest security updates.

Hacking crews from China are always looking for soft spots they can use. For example, they target servers with holes in their bespoke web apps, and they abuse known bugs and other opportunities to reach data. The FBI and CISA recommend that “organizations routinely audit their configuration and patch management programs to ensure they can track and mitigate emerging threats. Implementing a rigorous configuration and patch management program will hamper sophisticated cyber threat actors’ operations and protect organizations’ resources and information systems”.

So, private organizations and government agencies should patch their software promptly and deploy intrusion detection.