The US Cybersecurity and Infrastructure Security Agency (CISA), part of the Department of Homeland Security (DHS), has published security guidance for the private sector and government agencies and described a wave of attacks by Chinese hacking groups linked to the PRC Ministry of State Security.
According to CISA, over the past year Chinese hackers have regularly scanned US government networks for exposed network devices, exploited recently disclosed vulnerabilities in them, established a foothold in the compromised networks and then moved laterally. The report notes that some of these attacks succeeded and the attackers achieved their objectives.
The main targets were F5 BIG-IP load balancers, Citrix and Pulse Secure VPN appliances, and Microsoft Exchange mail servers. All of these products had major vulnerabilities disclosed over the past year, including CVE-2020-5902, CVE-2019-19781, CVE-2019-11510 and CVE-2020-0688…
Once inside a network, the Chinese hackers seek to move further and steal data. For this they use a variety of tools, including open-source and legitimate ones; the most common are the Cobalt Strike platform, the China Chopper web shell and Mimikatz.
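The scan-and-exploit stage described above leaves traces in the web-server access logs of the targeted appliances. The following added example (not from the article or from CISA) runs heuristic request-shape checks for the four CVEs named above over a constructed access log and flags sources whose exploit attempts received a 2xx response; the patterns follow the publicly documented exploit requests and are detection heuristics, not exhaustive signatures.

```python
import re

# Heuristic request shapes for the four CVEs named in the article, based on the
# publicly documented exploit requests. They catch scanning and exploitation
# attempts in web-server access logs; they are not exhaustive signatures.
SIGNATURES = {
    "CVE-2020-5902": re.compile(r"/tmui/login\.jsp/\.\.;/tmui/", re.I),  # F5 BIG-IP TMUI path bypass
    "CVE-2019-19781": re.compile(r"/vpn/\.\./vpns/", re.I),              # Citrix ADC path traversal
    "CVE-2019-11510": re.compile(r"/dana-na/\.\./", re.I),               # Pulse Secure arbitrary file read
    "CVE-2020-0688": re.compile(r"/ecp/[^?]*\?.*__VIEWSTATEGENERATOR=", re.I),  # Exchange ECP ViewState in query
}

# Combined/common log format: client ip, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample log (documentation-range addresses, placeholder values); not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Sep/2020:03:14:07 +0000] "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/hosts HTTP/1.1" 200 1523
203.0.113.5 - - [10/Sep/2020:03:14:09 +0000] "GET /vpn/../vpns/cfg/smb.conf HTTP/1.1" 404 512
198.51.100.7 - - [10/Sep/2020:03:20:41 +0000] "GET /dana-na/../dana/html5acc/guacamole/../../../../etc/hosts?/dana/html5acc/guacamole/ HTTP/1.1" 200 2048
192.0.2.9 - - [10/Sep/2020:03:21:00 +0000] "GET /owa/auth/logon.aspx HTTP/1.1" 200 8800
203.0.113.5 - - [10/Sep/2020:03:22:13 +0000] "GET /ecp/default.aspx?__VIEWSTATEGENERATOR=PLACEHOLDER&__VIEWSTATE=PLACEHOLDER HTTP/1.1" 500 0
"""

def scan_access_log(lines):
    """Return one hit per (log line, matching CVE) with source ip, status and path."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than crash the sweep
        for cve, pattern in SIGNATURES.items():
            if pattern.search(m["path"]):
                hits.append({"ip": m["ip"], "cve": cve, "status": int(m["status"]), "path": m["path"]})
    return hits

def summarize_by_source(hits):
    """Group hits per source ip: which CVEs were tried and whether any attempt got a 2xx.
    A 2xx on an exploit path is the signal that warrants an incident, not just a block."""
    summary = {}
    for h in hits:
        entry = summary.setdefault(h["ip"], {"cves": set(), "possible_success": False})
        entry["cves"].add(h["cve"])
        if 200 <= h["status"] < 300:
            entry["possible_success"] = True
    return summary
```

Run `summarize_by_source(scan_access_log(SAMPLE_LOG.splitlines()))` to see one source probing three of the four CVEs with a 2xx on the BIG-IP path; on a real deployment, feed it the appliance's access log and treat a `possible_success` entry as a trigger for host forensics, not only a firewall block.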
ZDNet journalists note that Chinese attackers are not the only ones interested in the vulnerabilities listed above; Iranian hackers, for example, exploit the same flaws. Let me remind you that specialists at CrowdStrike and Dragos recently observed Iranian "government" hackers trading access to the networks of compromised companies and providing such access to other criminal groups.