Chinese state-sponsored cyber actors are targeting bugs in F5, Citrix, Pulse and Microsoft Exchange Servers, US agencies warn

2020-09-16

The US federal agencies have issued a joint advisory to warn government and private sector entities about a fresh wave of cyber attacks by Chinese state-sponsored hackers targeting vulnerabilities in Microsoft Exchange Servers, Pulse and Citrix Secure VPNs and F5 devices.

, the US Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) said that they had observed a large number of cyber incidents in recent months in which hackers affiliated to China's Ministry of State Security (MSS) conducted attacks by exploiting vulnerabilities that have already been patched by vendors.

In some case, patches were released about a year ago, but many organisations have not yet updated their systems, leaving them vulnerable to attacks from cyber actors.

The most notable bugs that the US agencies have seen being targeted by Chinese hackers are:

"If critical vulnerabilities remain unpatched, cyber threat actors can carry out attacks without the need to develop custom malware and exploits or use previously unknown vulnerabilities to target a network," CISA said in its the advisory.

The agency recommends organisations to take notice of the techniques and procedures used by hackers to target the above-mentioned vulnerabilities and to patch their systems as soon as possible.