The US National Security Agency (NSA) today published a list of the top 25 publicly known vulnerabilities most often scanned for and targeted by state-sponsored attackers out of China.
Chinese state-sponsored cyber activity is "one of the greatest threats" to US National Security Systems, the US Defense Industrial Base, and Department of Defense information networks, the NSA writes in its advisory. This activity often includes a range of tactics and techniques to target networks for sensitive intellectual property and economic, political, and military information.
These attackers typically use the same process as other sophisticated actors: they first identify their target, gather technical data, identify vulnerabilities linked to the target, develop or reuse an exploit, and then launch their attack operation.
Most of the vulnerabilities on the NSA's list can be exploited to gain initial access into victim networks using products that are directly accessible from the Internet and act as gateways into internal networks. Most of these products are used for remote access or external Web services, and "should be prioritized for immediate patching," NSA officials say.
This list includes recently disclosed flaws like Zerologon in Microsoft Windows and other vulnerabilities in Windows, Windows Server, Citrix Gateway, Pulse Connect Secure, F5 BIG-IP proxy/load balancer devices, Adobe ColdFusion, Oracle WebLogic Server, and other products and services.
The NSA advises organizations to prioritize patching these 25 vulnerabilities and notes this is a non-exhaustive list of what is available to, and used by, Chinese attackers; however, these flaws are those known to be operationalized by China.
Read the NSA's cybersecurity advisory for more details.