NSA Tells Us What Attacks China is Using

The NSA is really working overtime in order to share information with us and, as a result, improve their image. At one point in time, the rumor was that the NSA spent 90% of their budget attacking others (collecting intelligence and damaging our adversaries) and 10% on protecting Americans businesses and individuals. Assuming this is true, the Chinese understand that and use that fact to attack us, unopposed.

That seems to have changed considerably.

This week’s show and tell item is a report titled Chinese State-Sponsored Actors Exploit Publicly Known Vulnerabilities.

In it, they show all of the known vulnerabilities that China is currently using to go after us.

This includes the Pulse VPN many bugs, the F5 Big-IP vulnerabilities, Citrix and Remote Desktop holes and several more pages of bugs.

We suggest that you review this report and if you use any of these technologies (almost everyone uses some), make sure these patches are installed. If the Chinese are not going after you, now that the NSA has put out a list, everyone else will start using the same techniques.

The NSA report can be found here.

If you don’t want to click on a link, here is the web page address (it is long):

https://media.defense.gov/2020/Oct/20/2002519884/-1/-1/0/CSA_CHINESE_EXPLOIT_VULNERABILITIES_UOO179811.PDF