Watch out: top flaws exploited by China to breach networks

China-sponsored threat actors have been actively exploiting over a dozen vulnerabilities to actively target the US and allied networks, as well as software and hardware companies.

China’s state-sponsored activities are one of the largest and most dynamic threats to the US government and civilian networks, a new advisory by the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Federal Bureau of Investigations (FBI) reads.

“People’s Republic of China state-sponsored cyber actors continue to target government and critical infrastructure networks with an increasing array of new and adaptive techniques—some of which pose a significant risk to Information Technology Sector organizations (including telecommunications providers), Defense Industrial Base (DIB) Sector organizations, and other critical infrastructure organizations,” it said.

Threat actors continue to exploit well-known flaws in Log4j, Zoho, and Microsoft products, among others, to target networks of interest.

Top vulnerabilities

“These state-sponsored actors continue to use virtual private networks (VPNs) to obfuscate their activities and target web-facing applications to establish initial access. Many of the CVEs indicated in the table allow the actors to surreptitiously gain unauthorized access into sensitive networks, after which they seek to establish persistence and move laterally to other internally connected networks,” the advisory reads.

Earlier this week, another advisory disclosed that multiple advanced persistent threat (APT) groups likely infiltrated a Defense Industrial Base organization to steal sensitive information. Threat actors exploited a Microsoft Exchange vulnerability on the organization's server to gain access.

According to the recently released top 10 ways criminals get in, there's no need for them to exploit zero-day vulnerabilities. They make use of well-known yet still generally unpatched vulnerabilities, exploit poor security configurations, weak controls, and other poor cyber hygiene practices to gain initial access.

Combined with the fact that many organizations don't keep count of the devices they have on their networks, it creates a perfect scenario for cybercriminals.


  • Update and patch systems as soon as possible. Prioritize patching vulnerabilities identified in this Advisory and other known exploited vulnerabilities.
  • Utilize phishing-resistant multi-factor authentication whenever possible. Require all accounts with password logins to have strong, unique passwords, and change those immediately if there are indications that a password may have been compromised.
  • Block obsolete or unused protocols at the network edge.
  • Upgrade or replace end-of-life devices.
  • Move toward the Zero Trust security model.
  • Enable robust logging of Internet-facing systems and monitor the logs for anomalous activity.