The National Security Agency (NSA) has issued an advisory on 25 cyber vulnerabilities tied to Chinese state-sponsored malicious activities.
NSA said Tuesday it released the advisory on the Common Vulnerabilities and Exposures (CVE) to encourage Department of Defense (DoD) entities as well as national security and defense industrial base stakeholders to take necessary precautions.
The vulnerabilities can be used to gain initial access to victim networks by exploiting products that are directly accessible from the Internet. NSA noted that users should prioritize mitigation efforts such as patching to address the cyber threat.
NSA will share knowledge of their active exploitation to encourage all National Security Systems (NSS), U.S. Defense Industrial Base (DIB), and DoD system owners to verify that their systems are protected against these threats, or take appropriate action.
“We hope that by highlighting the vulnerabilities that China is actively using to compromise systems, cybersecurity professionals will gain actionable information to prioritize efforts and secure their systems,” said Anne Neuberger, cybersecurity director at NSA and 2020 Wash100 Award recipient.
NSA’s recommendations include setting up an out-of-band management network, enabling robust login methods for Internet-facing services and isolating Internet-facing services in a network demilitarized zone.
