Cyber actors linked to the Chinese government are exploiting vulnerabilities in information technology software platforms such as Apache Log4j, VMware vCenter Server, and Microsoft Exchange to hack into U.S. critical infrastructure networks, a multi-agency report revealed.
The National Security Agency published the report on Thursday, noting that it is a product of its joint investigation with the Cybersecurity and Infrastructure Security Agency and the FBI.
It cited the most common software vulnerabilities and exposures exploited by Chinese state-backed cyber actors since 2020:
- Remote code execution
- Arbitrary file read or upload
- Path traversal
- Command line execution
- Command injection
- Authentication bypass by spoofing
The NSA, CISA and the FBI urged U.S. government and private organizations to patch the vulnerabilities as soon as possible. They also recommended implementing phishing-resistant multi-factor authentication, continuously monitoring Internet-facing systems, and transitioning to the zero trust security model.