The Cybersecurity and Infrastructure Security Agency (CISA) revealed today that malicious actors affiliated with the Chinese Ministry of State Security (MSS) are using open-source information and readily available exploits to attack networks.
A CISA alert explained that threat actors associated with the Chinese intelligence and security agency use publicly available information sources and common, well-known cyber attacks to target U.S. government agencies.
“The continued use of open-source tools by Chinese MSS-affiliated cyber threat actors highlights that adversaries can use relatively low-complexity capabilities to identify and exploit target networks,” the alert reads. “In most cases, cyber operations are successful because misconfigurations and immature patch management programs allow actors to plan and execute attacks using existing vulnerabilities and known exploits.”
CISA asserted that maintaining a “rigorous patching cycle” is the best defense against the most frequently used attack vectors. This method, combined with robust configuration, also forces threat actors to dedicate more time and funding to researching lesser-known vulnerabilities and developing exploitation tools, the alert states.
Analysts identified the MSS-affiliated attack methods using the MITRE PRE-ATT&CK Framework. After determining the attack vector and acquiring open-source intelligence on the agency, MSS-affiliated actors exploited several vulnerabilities in virtual private networks and other servers.
CISA lists patch recommendations for agencies and vulnerable programs within the alert.