icon

Digital safety starts here for both commercial and personal Use...

Defend Your Business Against the Latest WNY Cyber Threats We offer Safe, Secure and Affordable Solutions for your Business and Personal Networks and Devices.



WNYCyber is there to help you to choose the best service providers in Western New York... We DO NOT provide the services ourselves, as we are Internet Programmers who have to deak daily with Cyber Threats... (Ugghhh)... So we know what it's like and what it takes to protect OUR and OUR CUSTOMERS DATA... We built this Website to help steer you to those that can give you the best service at realistic and non-inflated prices. We do charge or collect any fees.

Buffalo, New York
United States

Current Threat Data

Zero-Days in Edge Devices Become China's Cyber Warfare Tactic of Choice

Cyber Security Threat Summary:
Over the past five years, Chinese state-sponsored cyber operations have evolved into a more mature and coordinated threat, focusing on exploiting both known and zero-day vulnerabilities in public-facing security and network appliances. They have also placed a strong emphasis on operational security and anonymity These changes have been influenced by both internal factors like military restructuring and changes in domestic regulations, as well as external factors including reporting by Western governments and the cybersecurity community. This evolution has made it more challenging for organizations, governments, and the cybersecurity community to defend against these threats. Due to the focus on exploiting novel vulnerabilities in public-facing devices, a vulnerability-centric defense approach is inadequate, emphasizing the need for better defensive in-depth measures to detect post-exploitation activities.

Security Officer Comments:
These cyber groups exhibit adaptability responding to geopolitical events. For instance, they’ve adjusted targeting patterns in response to specific events such as geopolitical tensions between India and China, the Hong Kong protests, and the COVID-19 pandemic, showcasing their strategic alignment with broader state objectives. The technical evolution illustrates a deliberate shift toward precision targeting, enhanced operational security and an agile response framework marking an notable transformation in Chinese state sponsored cyber operations.

Suggested Correction(s):
Researchers at Recorded Future have published the following mitigations:

  • Ensure a risk-based approach for patching vulnerabilities, prioritizing high-risk vulnerabilities and those being exploited in the wild. With regard to Chinese state-sponsored groups, pay particular attention to remote code execution (RCE) vulnerabilities in external-facing appliances within your environment.
  • Ensure security monitoring and detection capabilities are in place for all external-facing services and devices. Monitor for follow-on activity likely to take place following exploitation of these external-facing services, such as the deployment of web shells, backdoors, or reverse shells, and subsequent lateral movement to internal networks.
  • Practice network segmentation, such as isolating internet-facing services in a network demilitarized zone (DMZ).
  • Enforce multi-factor authentication (MFA) on all VPN connections and consider implementing anomaly detection for VPN connections.
  • By monitoring Malicious Traffic Analysis (MTA), Recorded Future clients can alert on and proactively monitor infrastructure that may be potentially involved in notable communication to known C2 IP addresses.
Link(s):
https://www.darkreading.com/
PDF:
https://go.recordedfuture.com/hubfs/reports/cta-2023-1107.pdf

Contact Us for Threat Assistance
Back to Current Threats