Zero-Days in Edge Devices Become China's Cyber Warfare Tactic of Choice
While China is already among the world's most formidable threat actors, a focus on exploiting public-facing appliances makes its state-sponsored APTs more dangerous than ever.
November 13, 2023
The government of China has become considerably more proficient at exploiting zero-day vulnerabilities to achieve its espionage goals over the past five years, posing an alarming persistent threat to organizations throughout the world. Now, the country's nation-state actors are increasingly exploiting novel vulnerabilities in public-facing devices, notably edge appliances.
In fact, an estimated 85% of known zero-day vulnerabilities exploited by Chinese state-sponsored groups since 2021 have targeted public-facing appliances, including firewalls, enterprise VPNs, hypervisors, load balancers, and email security tools, according to a recent report published by Insikt Group, the threat intelligence research arm of Recorded Future.
Their success is underpinned by a threat-sharing and support apparatus, according to Insikt. "The observed sharing of malware and exploit capabilities across Chinese state-sponsored actors is likely enabled by both upstream capability developers and wider domestic policy around software vulnerability discovery and weaponization," the report stated.
The approach has helped China become a much stealthier adversary, according to the findings, and therefore a harder one to defend against.
Specifically, many of these devices and appliances have limited visibility, logging capabilities, and support for traditional security solutions. "Organizations should consider these factors when initially procuring network appliances in order to enhance the ability to detect and respond to threats," according to the report.
"For CISOs, this highlights the importance of looking beyond threat actors gaining initial access and ensuring they have the means to detect and respond to such an eventuality," says Mark Kelly, principal threat intelligence analyst at Recorded Future. "Given that a lot of these public-facing appliances often have very limited support for traditional security solutions, they should also consider these factors when initially procuring these types of devices."
China: The Broadest Threat to US National Security
The findings come as government leaders around the world have raised their loudest alarms to date about China's cyber warfare capabilities.
"The People's Republic of China represents the defining threat of this generation, this era," FBI director Christopher Wray told 60 Minutes last month in regards to its cyber activities. "There is no country that presents a broader, more comprehensive threat to our ideas, our innovation, our economic security, and ultimately our national security."
Wray was among the representatives of Five Eyes, an alliance of intelligence leaders formed after World War II, who appeared together on the segment to call out their concerns about China's cyber capabilities. Besides the US, the Five Eyes alliance includes Canada, the United Kingdom, New Zealand, and Australia.
Melissa Hathaway, who led the Comprehensive National Cybersecurity Initiative (CNCI) for President George W. Bush and the Cyberspace Policy Review for President Barack Obama, is also concerned about China's ambitions.
"They are a leading cyber power and have probably more manpower, of meeting their overall national objectives than we do in the United States or anywhere," says Hathaway, now president of Hathaway Global Strategies, which advises companies on cybersecurity. "Part of that is a percentage of the population, but they have made it a strategic priority as part of their five-year plan, and as part of their overall strategies."
Intelligence and cyber professionals are also concerned about the Belt and Road Initiative, China's ambitious investment in infrastructure throughout the world, which could bring its attackers even closer to its targets, geographically and economically.