Chinese state-sponsored hackers have become more brazen, prompting an NSA advisory
Increasingly bold Chinese state-sponsored hackers are actively using known vulnerabilities to gain access to sensitive networks, a dynamic National Security Agency cyber chief Rob Joyce called a “major threat” to critical infrastructure and election security on Thursday.
Joyce emphasized there is no specific, significant threat against U.S. elections but said the NSA, along with the FBI and the Cybersecurity and Infrastructure Security Agency, decided to release an advisory on the topic to ensure extra vigilance as November’s elections loom.
China has become “really brazen, doubling down on their activities to steal intellectual property and compromise sensitive networks,” Joyce told reporters Thursday. “They establish persistence and move laterally across the interconnected networks, so malicious state-sponsored activity is a major threat to U.S. critical infrastructure, election systems, national security systems and the Department of Defense along with the defense industrial base that we help protect.”
The advisory is the fourth of its kind to be released since 2020. Joyce said officials decided to emphasize the known vulnerabilities now in part because NSA has noticed them being exploited recently by “actors of concern with sufficient capabilities to compromise and expand beyond the initial access to the vulnerable networks.”
Joyce said the advisory is meant to put network owners on alert so they patch vulnerabilities as soon as possible. The advisory lists several known vulnerabilities that are being exploited by China, including Log4j, a vulnerability in a widely used logging library that CISA Director Jen Easterly has said is one of the “most serious I’ve seen in my entire career.”
Chinese hackers are targeting government and critical infrastructure networks with an “increasing array of new and adaptive techniques,” according to the advisory. Some of these techniques pose a significant risk to telecommunications providers and other information technology organizations in addition to the defense sector and critical infrastructure organizations.
The advisory said that the hackers are targeting software and hardware companies to steal intellectual property and figure out how to access sensitive networks. The hackers use virtual private networks, the advisory said, to “obfuscate their activities and target web-facing applications to establish initial access.”
Joyce said the private sector has been an invaluable partner to federal officials tracking the threat, in part by helping to protect those who don’t patch.
“Industry brings creative solutions to make sure these vulnerabilities are not liabilities at scale,” Joyce said.
The NSA advisory comes a day after CISA and the FBI published a joint public service announcement that said malicious cyber activity intended to compromise election infrastructure is “unlikely” to result in large-scale disruptions or prevent voting.