NSA Warns Chinese State-sponsored Actors Are Exploiting Known Vulns – Security Expert Perspective

Today, the NSA issued the Cybersecurity Advisory “Chinese State-Sponsored Actors Exploit Publicly Known Vulnerabilities” – a list of 25 known vulnerabilities that it warns are currently being exploited actively “against networks of interest that hold sensitive intellectual property, economic, political, and military information. Since these techniques include exploitation of publicly known vulnerabilities, it is critical that network defenders prioritize patching and mitigation efforts.”

Expert Comments

October 21, 2020
Jayant Shukla
CTO and co-founder
K2 Cyber Security
The new list of top 25 vulnerabilities being exploited by Chinese hacking is a great reminder that the easiest protection against cyber attacks is keeping your operating systems, applications, devices, and software patched and up to date. For organizations that can’t keep up to date or don’t have the resources to keep their software up to date, they should look into virtual patching solutions that protect the application, like the ones offered by RASP (Runtime Application Self-Protection) solutions, which are now mandated by the latest version of the NIST SP800-53 Revision 5 Security and Privacy Framework. RASP solutions also protect the organization against new and unpatched vulnerabilities.
October 21, 2020
Chloé Messdaghi
VP of Strategy
Point3 Security
We definitely saw an increase in this situation last year and it’s ongoing. They’re trying to collect intellectual property data. Chinese attackers could be nation state, could be a company or group of companies, or just a group of threat actors or an individual trying to get proprietary information to utilize and build competitive companies... in other words, to steal and use for their own gain. I’m glad that the NSA has issued this. Publishing this report reinforces the work that companies need to do to secure their intellectual property, and pushes them to make the patches and maintenance they need to do. It’s disappointing to see the NSA refer to threat actors as hackers. I hope this changes. Many in the hacking community are legitimate security researchers who alert companies to vulnerabilities in order to secure – not steal – their intellectual property. Many other agencies and Federal entities (such as the Department of Defense) collaborate closely with the hacking community and their vulnerability disclosure programs define the research scope, contact processes, etc. – to help ensure that vulnerabilities are identified and addressed before threat actors can move on them.