A new joint advisory released by the National Security Agency, the FBI, and the Cybersecurity and Infrastructure Security Agency and the FBI addressed an issue that pertains to threat actors exploiting previously disclosed vulnerabilities. The matter is targeting organizations in both the private and public sectors, worldwide. The report was created based on knowledge obtained by the agencies and data regarding notable cybersecurity trends including tactics, techniques, and procedures.
It has long been known that threat actors use the fact that some organizations are slow to implement patches for vulnerabilities that have been disclosed to the public to launch attacks against the organizations. Since 2020, the agencies report that Chinese state-sponsored threat actors have conducted large attack campaigns that target these vulnerabilities. Since these attacks do not use their own distinct malware that is used to identify the perpetrator, it makes it more difficult for the threat to be evaluated by cybersecurity professionals.
Read More: State-sponsored Chinese threat actors compromise telecom and network service providers