US: Hackers working for China have successfully compromised US government systems: A federal cybersecurity agency

•             Hackers linked to the Chinese government have successfully infiltrated US government systems across "many sectors," according to the Cybersecurity and Infrastructure Security Agency and the FBI.

•             The hackers are taking advantage of publicly available code and exploits that have already been publicized in order to hack into US entities.

•             The report suggests that, after vulnerabilities are discovered and publicized by US defenders, hackers are often able to exploit the vulnerabilities before government agencies patch them.

•             CISA did not specify which agencies were compromised or how many records were potentially stolen, but says that hackers were frequently successful using "low-complexity" methods.

Hackers linked to the Chinese government have repeatedly attempted to compromise US government systems over the past year — and in some cases, they were successful, according to the Cybersecurity and Infrastructure Security Agency, the Department of Homeland Security's cybersecurity division.

In an advisory published with the FBI this week, CISA warned that Chinese hackers appeared to be using publicly available information about vulnerabilities that security researchers had discovered — but that hadn't yet been patched — in order to target US entities.

"CISA has observed the threat actors using a variety of open-source and publicly available exploits and exploit code to compromise Federal Government networks," the agencies said in the advisory.

US intelligence agencies have warned of attacks originating from China's state-run hacking teams for years, and there's nothing particularly new about the practice. But the advisory published this week shows that mere awareness of attempted hacks isn't enough to hold them off when government agencies don't adequately protect their systems.

The advisory doesn't say which agencies were targeted, nor does it disclose the number of records that were potentially stolen. But it outlines how hackers have successfully targeted the US in the past year using "low-complexity" tactics.

Those tactics included sending malicious links in phishing emails to US officials, buying domain names to pose as trustworthy organizations, and buying passwords leaked in other breaches to try and compromise officials' accounts.

Hackers also regularly exploited vulnerabilities that security researchers had previously identified and publicized. One of the resources that hackers are using is a database of known vulnerabilities compiled by the National Institute of Standards and Technology.

"CISA analysts have observed a correlation between the public release of a vulnerability and targeted scanning of systems identified as being vulnerable," the advisory reads.

The findings suggest that US agencies need to work more quickly to patch vulnerabilities that have been publicly documented. In one case, hackers used an exploit to target US systems weeks after the exploit was publicly disclosed.

"CISA and the FBI recommend that organizations place an increased priority on patching the vulnerabilities routinely exploited," the advisory reads. "CISA and the FBI also recommend that organizations routinely audit their configuration and patch management programs to ensure they can track and mitigate emerging threats."

Business Insider