U.S. cybersecurity and intelligence agencies have warned about Chinese state-sponsored cyber-crimes since 2020. According to the U.S. National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI), these actors exploit publicly known security flaws in network devices such as Small Office/Home Office (SOHO) routers and Network Attached Storage (NAS) devices to gain deeper access to victim networks, and they use the compromised devices to route "command-and-control" (C2) traffic so they can break into other targets at scale.
The agencies noted that the findings reflect Chinese state-sponsored groups' history of aggressively striking critical infrastructure to steal sensitive data, emerging key technologies, intellectual property, and personally identifiable information.
They gain a foothold on the servers through unpatched internet-facing flaws. Once inside, they steal user and administrative account passwords and run commands to export data.
The disclosure also arrives less than a month after the cybersecurity authorities revealed the most routinely exploited weaknesses: misconfigured servers, weak password controls, unpatched software, and failure to block phishing attempts.
"Entities can mitigate the vulnerabilities listed in this advisory by applying the available patches to their systems, replacing end-of-life infrastructure, and implementing a centralized patch management program," the agencies said.
You heard it here first. Implement updates to software when requested.
Alvaro.gonzalez@batsoft.co.uk