The Cyber Security and Infrastructure Agency of the United States, CISA for its acronym in English, has issued a notice in the last hours in which it ensures that a wave of cyberattacks is taking place from China against US government agencies and private entities.
“The Cyber Security and Infrastructure Agency (CISA) has consistently observed that cyber threat actors affiliated with the Ministry of State Security of China use public domain information sources and common and well-known tactics, techniques and procedures to attack agencies of the United States Government. “
According to the accusations of this US agency, the Chinese attackers and those responsible for other threats they would be routinely using “open source information to plan and execute cyber operations”. They would do this by scanning the networks of the target agencies.
Looking for devices with ‘exploits’
According to the notice published by CISA, Chinese hackers carry out scans of US government networks for devices with exploits through which to achieve your goals. We are talking about elements that range from email servers to very specific components of the networks that can allow them to access the networks.
Some of the intrusion attempts on federal networks in the United States have been successful
These particular devices sought by attackers have suffered vulnerabilities of a certain entity during the last 12 months and, thanks to them, some of the intrusion attempts on federal networks in the United States have been successful. A really worrying fact that invites you to take note.
It is for this reason that the Cyber Security and Infrastructure Agency reminds that maintaining a rigorous patching cycle is still the best defense against the most widely used attacks. Especially considering that a device without updating is an open door. Attackers can carry out their intrusion actions without the need to even develop specific new malicious software.
Share Chinese hackers exploit unpatched devices to attack US agencies, according to the country’s cybersecurity agency