Chinese Government Hackers Compromise Dozens of U.S. Government Agencies – Expert Statement

<p><span lang=\"EN-US\">This is another very worrying attack focused on a zero-day vulnerability with no patch. That means that while we know there is a problem, there is no current solution. Although this particular exploit has serious political implications and has been targeted at the US government, there will be other attacks now the vulnerability has been exposed.</span></p> <p><span lang=\"EN-US\"><br /><br />As shown in our latest <a href=\"https://orangecyberdefense.com/global/security-navigator/\" target=\"_blank\" rel=\"noopener\" data-saferedirecturl=\"https://www.google.com/url?q=https://orangecyberdefense.com/global/security-navigator/&source=gmail&ust=1619174213364000&usg=AFQjCNFAXsl3_t2g4k7JGzFKPrAdcHUeug\">Security Navigator</a> report over this last year, in particular – with the rapid deployment of security products – we have observed an extraordinary increase in reported vulnerabilities (not necessarily attacks) for these kinds of systems, including technologies from several leading perimeter security product vendors. There are a few core factors at play in this surge. They include the rapid and sometimes reckless adoption or expansion of secure remote access capabilities to accommodate remote workers, which made these technologies a very attractive target. In addition, there has been a cascade effect in which the discovery of one vulnerability creates knowledge, experience, and ideas, and thus leads to the discovery of different vulnerabilities in the same product, or similar vulnerabilities in different products.</span></p> <p><span lang=\"EN-US\"><br /><br />Ultimately, government organisations and businesses alike need to take an agile, intelligence-based approach to their security. We need to recognise that the security landscape is deeply fluid and dynamic, and organisations must be able to perceive and respond to the rapid, continuous threats appropriately.</span></p>