The National Security Agency issued a new public warning Tuesday identifying 25 common vulnerabilities and exposures (CVEs) Chinese state-sponsored hackers are currently exploiting in the U.S. defense industry.
The NSA advisory said Chinese hackers are actively using the 25 vulnerabilities it identified but did not say whether any specific U.S. firms had been breached through them. It noted that the vulnerabilities are already publicly known, but warned “all National Security Systems (NSS), U.S. Defense Industrial Base (DIB), and Department of Defense (DoD) system owners” to verify that their networks are safe from the vulnerabilities identified.
“NSA is aware that National Security Systems, Defense Industrial Base, and Department of Defense networks are consistently scanned, targeted, and exploited by Chinese state-sponsored cyber actors,” the advisory states.
“Chinese state-sponsored malicious cyber activity is a threat to NSS, DIB, and DOD information networks,” an accompanying NSA press release said. “These actors use a full array of tactics and techniques to exploit computer networks of interest that hold sensitive intellectual property, economic, political, and military information. Since these techniques include exploitation of publicly known vulnerabilities, it is critical that network defenders prioritize patching and other mitigation efforts.”
The NSA described the risks posed by each of the vulnerabilities and recommended that firms take the following steps: update networks as soon as new updates and patches are available; regularly change passwords and review user accounts in their networks; disable management capabilities outside their networks and set up an “out-of-band management network”; block and disable obsolete or unused protocols within their networks; isolate internet-facing portions of their networks to reduce potential exposure to internal networks; and closely monitor internet-facing activity and watch for signs of compromise.
“We hear loud and clear that it can be hard to prioritize patching and mitigation efforts,” NSA Cybersecurity Director Anne Neuberger said. “We hope that by highlighting the vulnerabilities that China is actively using to compromise systems, cybersecurity professionals will gain actionable information to prioritize efforts and secure their systems.”
The U.S. has long warned about the threats Chinese hackers pose to U.S. information. In July, the Department of Justice charged two suspected Chinese state-sponsored hackers in a 10-year hacking campaign that targeted a range of industries, including defense, high-tech manufacturing, medical device, pharmaceutical, civil and industrial engineering, gaming software, and solar energy.
Chinese hackers have also reportedly targeted contractors working for the U.S. Navy. The Wall Street Journal reported that an internal Navy review of its cybersecurity efforts found the Navy and its defense industry partners were “under cyber siege” by China.
China also reportedly hacked the NSA itself, and stole information about the NSA’s own hacking tools, which it then used against the U.S. and other countries.