The publications are suspended, except for particular events, from 1 to 21 August. In the meantime, we are preparing some news for the second half of the year.
NSA cybersecurity experts released an advisory on Chinese state-sponsored activity. : It provides 25 Common Vulnerabilities and Exposures (CVEs) known to be recently leveraged or scanned
The National Security Agency (NSA) has released a cybersecurity advisory on Chinese state-sponsored malicious cyber activity. It provides 25 Common Vulnerabilities and Exposures (CVEs) known to be recently leveraged, or scanned-for, by Beijing state-sponsored cyber actors to enable successful hacking operations against a multitude of victim networks. The Cybersecurity and Infrastructure Security Agency (CISA) encourages critical system administrators to prioritize the immediate patching of the CVEs in NSA’s advisory and to review CISA’s Alert Potential for China Cyber Response to Heightened U.S.–China Tensions. It details potential cyber response to heightened tensions between the United States and China, providing specific tactics, techniques, and procedures (TTPs) and recommended mitigations to the cybersecurity community to assist in the protection of the Nation’s critical infrastructure.
National Security Systems, Defense Industrial Base, and Department of Defense networks are consistently scanned, targeted, and exploited by Chinese state-sponsored cyber actors
NSA is aware that National Security Systems, Defense Industrial Base, and Department of Defense networks are consistently scanned, targeted, and exploited by Chinese state-sponsored cyber actors. NSA recommends that critical system owners consider these actions a priority, in order to mitigate the loss of sensitive information that could impact U.S. policies, strategies, plans, and competitive advantage. Additionally, due to the various systems and networks that could be impacted by the information in this product outside of these sectors, the Agency recommends that the CVEs above be prioritized for action by all network defenders.