US agency releases advisory on activities of China's Ministry of State Security
New York: Amid reports of snooping by Chinese firms, the US Cybersecurity and Infrastructure Security Agency has released an advisory on the activities of China's Ministry of State Security (MSS) and its associated agencies and contractors, media reports said.
These operations are characterized by collection of open-source intelligence and by the use of readily available exploits, reports The Cyber Wire.
"There’s nothing particularly exotic about the tactics and techniques, but they’ve been proven effective nonetheless. The MSS has tended to concentrate on recently identified vulnerabilities, hoping to catch organizations that have been laggard in patching," reported the website.
"Some of the issues exploited include Microsoft Exchange Server (CVE-2020-0688), F5’s Big-IP remote takeover vulnerability (CVE-2020-5902), Pulse Secure VPN's remote code flaw (CVE-2019-11510) and Citrix VPN’s directory traversal problem (CVE-2019-19781)," it said.
According to a report published by The Guardian newspaper, the personal details of millions of people around the world have been swept up in a database compiled by a Chinese tech company with reported links to the country’s military and intelligence networks, according to a trove of leaked data.
About 2.4 million people are included in the database, assembled mostly based on public open-source data such as social media profiles, analysts said. It was compiled by Zhenhua Data, based in the south-eastern Chinese city of Shenzhen, the newspaper reported.