Chinese cyber attackers target zero-day vulnerabilities

B2B Cyber Security ShortNews


Newly discovered zero-day vulnerabilities are often exploited by individual APT groups. According to Mandiant, Chinese cyber attackers are targeting more and more zero-day vulnerabilities. The report documents the role of the groups involved and the vulnerabilities they exploited.

Mandiant's new report on the Fortinet vulnerability shows that routers and internet-connected devices in corporate networks are insufficiently protected against cyber attacks. There are simply not enough tools to protect these systems.

Chinese spies at work

For example, suspected Chinese spies exploited a zero-day vulnerability using a new type of malware designed specifically for network security devices. Devices used by government and defense organizations can also be infiltrated with it. Fortinet has since released a patch for the vulnerability.

“Among the latest victims of Chinese espionage are the defense industry, government agencies, telecommunications and technology companies. Since the actors in the networks are difficult to track down, very few companies can identify them themselves. It is not uncommon for a Chinese infiltration to drag on for several years. We hope that with this information and the hardening measures that accompany it, more companies will be able to detect these protracted security breaches sooner,” said Charles Carmakal, SVP & CTO at Mandiant Consulting.

Zero-day vulnerabilities report

In total, 13 zero-day vulnerabilities were exploited by cyber-espionage groups in 2022, according to Mandiant's new report on zero-day exploitation in 2022. More than half of these are attributed to China. State actors from Russia and North Korea also exploited zero-days. The total number of zero-days exploited dropped from 81 in 2021 to 55 in 2022. However, the previous year was a record year; compared to 2020, exploitation has increased by 200 percent. Mandiant anticipates that more zero-day vulnerabilities will be exploited over time.

Insights into the exploited vulnerabilities

  • Four zero-day vulnerabilities were exploited by financially motivated attacker groups.
  • Ten zero-day vulnerabilities, or almost 20 percent of all zero-day vulnerabilities identified by Mandiant in 2022, affected security, IT and network management products.
More at Mandiant.com

About Mandiant

Mandiant is a recognized leader in dynamic cyber defense, threat intelligence and incident response. With decades of experience on the cyber frontline, Mandiant helps organizations confidently and proactively defend against cyber threats and respond to attacks. Mandiant is now part of Google Cloud.
