You're listening to the CyberWire Network, powered by N2K.

This is a CISA Cybersecurity Alert.

ID number Alpha Alpha 22 TAC 279 Alpha.

Original release date, October 6, 2022.

This joint cybersecurity advisory provides the top common vulnerabilities and exposures used by the People's

Republic of China state-sponsored cyber actors. PRC cyber actors continue to exploit these known

vulnerabilities and use publicly available tools to target networks of interest.

PRC state-sponsored cyber actors have actively targeted the US and Allied networks as well as software

and hardware companies to steal intellectual property and develop access into sensitive networks.

CISA, FBI, and NSA have assessed that the 20 CVEs outlined in the alert documentation

are the most common vulnerabilities exploited by PRC state-sponsored cyber actors since 2020.

PRC state-sponsored cyber actors continue to exploit these known vulnerabilities to actively

target US and Allied networks as well as software and hardware companies to

steal intellectual property and develop access to sensitive networks.

PRC State-sponsored cyber activities are one of the largest and most dynamic threats to US government and civilian networks.

PRC state-sponsored cyber actors continue to target government and critical infrastructure networks

with a diverse array of new and adaptive techniques, some of which pose a significant risk to

telecommunication providers, the defense industrial base, and other critical

infrastructure organizations.

NSA, CISA, and FBI urge U and Allied governments, critical infrastructure and private sector

organizations to apply the recommendations listed in the mitigation section and Appendix A of the

alert documentation linked in the show notes to increase their defensive posture and reduce the threat of compromise from PRC state-sponsored malicious cyber actors.

...