Hackers affiliated with the Chinese Ministry of State Security (MSS) are actively targeting U.S. government agencies, according to the federal Cybersecurity and Infrastructure Security Agency (CISA).
In a joint advisory issued this week, CISA and the FBI warned that MSS-affiliated hackers had been observed using “open-source information to plan and conduct cyber operations” against U.S. government targets. The hacking campaigns primarily exploited recently disclosed vulnerabilities in networking equipment and software before agencies were able to apply software patches to secure them.
“The continued use of open-source tools by Chinese MSS-affiliated cyber threat actors highlights that adversaries can use relatively low-complexity capabilities to identify and exploit target networks,” the advisory stated.
Other techniques deployed include credential stuffing attacks using credentials from previously breached or compromised accounts, as well as scanning for unsecured and misconfigured network devices on Shodan.io, an IoT-centric search engine that has been used to identify several major data leaks in recent years.
CISA and the FBI recommend that agencies and organizations audit their systems more often, paying particular attention to new patches released to secure vulnerable equipment.
“Implementing a rigorous configuration and patch management program will hamper sophisticated cyber threat actors’ operations and protect organizations’ resources and information systems,” the advisory concluded.