CISA: Chinese State Hackers Are Exploiting F5, Citrix, Pulse Secure, and Exchange Bugs (zdnet.com)
The Cybersecurity and Infrastructure Security Agency (CISA) has published a security advisory today warning of a wave of attacks carried out by hacking groups affiliated with China's Ministry of State Security (MSS). From a report: CISA says that over the past year, Chinese hackers have scanned US government networks for the presence of popular networking devices and then used exploits for recently disclosed vulnerabilities to gain a foothold on sensitive networks. The list of targeted devices includes F5 Big-IP load balancers, Citrix and Pulse Secure VPN appliances, and Microsoft Exchange email servers. For each of these devices, major vulnerabilities have been publicly disclosed over the past 12 months, such as CVE-2020-5902, CVE-2019-19781, CVE-2019-11510, and CVE-2020-0688, respectively. According to a table summarizing Chinese activity targeting these devices published by CISA today, some attacks have been successful and enabled Chinese hackers to gain a foothold on federal networks.
grain of salt (Score:2, Interesting)
How do they really know it's from gov't sponsored hackers? Often a chain of compromised private servers, routers, and PCs is used to hide the actual originator. "It matches their pattern" is often not good enough, because spoofing and cloning tools is common in the underground to hide the real origin.
Being the current administration enjoys bashing that country and readily fires dept. heads he doesn't like, I don't trust such announcements.
Re: (Score:3)
It is a pretty fair guess that Chinese hackers are indeed doing this. As are US hackers, Russian hackers, and hackers from pretty much every other country in the world. Who does not love easy exploits?
Not even sure why this is news.
Re: (Score:2)
I'm sure they are, but that doesn't necessarily mean they are being detected with certainty. I know there are mice under our house, but I can't reasonably blame every oddity on them.
I suspect political reasons, but I'll leave it at that.
karma (Score:4, Insightful)
This is called tit-for [wired.com]-tat [zdnet.com].
Re: (Score:2, Troll)
We all know the CIA has been spying for decades. That doesn't make it "ok" and it doesn't take away from Chinese espionage.
Re: (Score:2)
We all know the CIA has been spying for decades.
Why do you like to be a victim [washingtonpost.com] of [wikipedia.org] the three-letter-agencies?
Re: (Score:2)
This is called tit-for-tat.
You seem to have forgotten that China violated [reuters.com] the U.S.-China Cyber Agreement of 2015 [fas.org] before discarding it.
This isn't tit-for-tat, this is China hacking the US regardless of what the US does.
Re: (Score:2)
As told you by the same three-letter-agencies that also told us about the danger of Iraq WMD?
Re: (Score:2)
And by the same token, why should you care if there's any human rights violations in China (*) or not? If there're severe human rights violations, the Chinese people will eventually revolt. That's not the American business.
(*) And the situations for Chinese including those Uyghurs and Tibetans are in fact way better than the situation of black Americans.
Was Commander Joseph Rochefort a state hacker? (Score:2)
Seventy years later we are talking about the exploits of the code b
Re:Was Commander Joseph Rochefort a state hacker? (Score:4, Interesting)
Re: (Score:2)
The rules change during a declared war. Example: The CIA organizing and supporting the overthrow of the democratically elected government of Iran was a crime. Doing the same to WW2 Italy would be legal.
To use a sports analogy, what Rochefort did is the equivalent of figuring out the signs of an opposing baseball team during the game by watching, while what the Chinese are doing would be the equivalent of sticking a camera/microphone in the opposing team's dugout.
Re: (Score:3)
Being legal by the pre-existing rules is the consolation prize given to the loser.
If Sun Tzu [wikipedia.org] did not say it himself, he most definitely would agree with it.
Re: (Score:2)
In both cases the target is the same: get intelligence on your (possible) opponent, but whereas the Allies in WW2 collected traffic by passive methods (they did nothing to the traffic itself or the hardware used to gene
Re: (Score:2)
1) Looks like your understanding of English is not too good, maybe your understanding of Chinese is better? The section you're presumably referring to in the link you provide reads thusly: "The American effort was directed from Washington, D.C. by the U.S. Navy's signals intelligence command, OP-20-G; at Pearl Harbor it was centered at the Navy's Combat Intelligence Unit (Station HYPO, also known as COM 14),[18] led by Commander Joseph Rochefort." There's a semicolon between the clause about OP-20-G and t
let me fix that... (Score:3)
Let me just fix the title:
"CISA: US State Hackers Are Exploiting F5, Citrix, Pulse Secure, and Exchange Bugs"
Re: (Score:2)
You can't read, huh?
Re: (Score:2)