• Skip to main content

ITSecurity.org

Technology Security Controls

  • Main
  • Products
  • Services
    • Compliance-Services
      • ISO27001 Compliance
      • ISO22301 Compliance
      • ISO27002 Compliance
      • Data-Protection
      • GDPR
      • PCI-DSS Services
    • Identity and Access Management Services
      • IAM Design
      • IAM Policies & Standards
    • Incident Management Services
      • Emergency Incident Response
      • Forensic Support
      • Incident Response
    • Information Security Services
      • Information Security Consultancies
      • Information Security Governance Services
      • Information Security Policies & Standards
    • IT Risk Management Services
      • Risk Management Framework
      • Auditing
    • IT Security Consulting Services
      • IT Security Governance Services
      • IT Security Policies and Standards
    • Additional Security Services
      • Managed Security Services
      • Mobile Security
      • Network Security Services
    • Physical Security Services
      • Physical Security Reviews
    • Policies and Standards Services
    • Programme and Project Services
    • Risk Management Services
      • Risk Management – Framework
      • Risk Management Acceptance & Waivers
    • Security Awareness Services
      • Security Awareness – Phishing Responses
      • Phishing Responses
      • Security Awareness Training – Rebranded Security Training
      • Security Awareness Training – Generic
    • Security Design Services
      • All Security Design and Architectural Services
      • Cloud Security Review
      • Security Appliance Design and Configuration
    • Security Metrics Services
    • Technical Security Assessment Services
      • Penetration Testing – Our Penetration Test Services
      • Database Security – Databases and Repositories
      • Application Security Code Testing
      • Application Security Services
    • Third-Party and Supplier Assurance Services
      • Third and Supplier Party Assurance Methodology
      • Third and Supplier Party Assurance Review
      • Joint Venture Due Diligence
  • Security Digest
  • FAQ
  • Contact Us

NSA Advisory on Chinese Government Hacking

October 21, 2020 by ITSecurity.Org Ltd

NSA Advisory on Chinese Government Hacking

The NSA released an advisory listing the top twenty-five known vulnerabilities currently being exploited by Chinese nation-state attackers.

This advisory provides Common Vulnerabilities and Exposures (CVEs) known to be recently leveraged, or scanned-for, by Chinese state-sponsored cyber actors to enable successful hacking operations against a multitude of victim networks. Most of the vulnerabilities listed below can be exploited to gain initial access to victim networks using products that are directly accessible from the Internet and act as gateways to internal networks. The majority of the products are either for remote access (T1133) or for external web services (T1190), and should be prioritized for immediate patching.

Tags: China, hacking, NSA, vulnerabilities

Sidebar photo of Bruce Schneier by Joe MacInnis.

Filed Under: China, hacking, IT Security, NSA, Uncategorized, Vulnerabilities

Contact Us

If there's any way we can help, please let us know
Call: +44 01606 642307