"RCE on Log4j Among Top CVEs Exploited By Chinese-Backed Hackers"

According to a new advisory published by the US National Security Agency (NSA), Cybersecurity & Infrastructure Security Agency (CISA), and Federal Bureau of Investigation (FBI), Chinese state-sponsored threat actors continue to exploit known vulnerabilities to target US and allied networks and companies. The advisory noted that Chinese state-sponsored threat actors are using an increasing array of new and adaptive techniques, some of which pose a significant risk to Information Technology Sector organizations (including telecommunications providers), Defense Industrial Base (DIB) Sector organizations, and other critical infrastructure organizations.

The threat actors continue to use virtual private networks (VPNs) to obfuscate their activities and target web-facing applications to establish initial access. They then use these vulnerabilities to surreptitiously gain unauthorized access to sensitive networks, after which they seek to establish persistence and move laterally to other internally connected networks.

The US agencies also published the top 20 common vulnerabilities and exposures (CVEs) exploited by Chinese state-sponsored actors since 2020. Remote code execution (RCE) on Apache Log4j (CVE-2021-44228), Microsoft Exchange (CVE-2021-26855), and Atlassian (CVE-2022-26134) are among these, as well as arbitrary file upload in VMware vCenter Server (CVE-2021-22005). In their advisory, the NSA, CISA, and FBI also gave a list of recommendations for mitigating the risks.

 

Infosecurity reports: "RCE on Log4j Among Top CVEs Exploited By Chinese-Backed Hackers"
