Zero-Days in Edge Devices Become China's Cyber Warfare Tactic of Choice

While China is already among the world's most formidable threat actors, a focus on exploiting public-facing appliances makes its state-sponsored APTs more dangerous than ever.

3 Min Read
the countries of America and China overlayered over data and padlocks
Alamy

The government of China has become considerably more proficient in exploiting zero-day vulnerabilities to achieve their espionage goals in the past five years, posing an alarming persistent threat to organizations throughout the world. Now, the country's nation-state actors are increasingly exploiting novel vulnerabilities in public-facing devices, notably edge appliances.

In fact, an estimated 85% of known zero-day vulnerabilities exploited by Chinese state-sponsored groups since 2021 have targeted public-facing appliances, including firewalls, enterprise VPNs, hypervisors, load balancers, and email security tools, according a recent report published by Insikt Group, the threat intelligence research arm of Recorded Future.

Their success is underpinned by threat sharing and support apparatus, according to Insikt. "The observed sharing of malware and exploit capabilities across Chinese state-sponsored actors is likely enabled by both upstream capability developers and wider domestic policy around software vulnerability discovery and weaponization," the report stated.

The approach has helped China transform into a much stealthier adversary, according to the findings, and therefore trickier to defend against.

Specifically, many of these devices and appliances have limited visibility, logging capabilities, and support for traditional security solutions. "Organizations should consider these factors when initially procuring network appliances in order to enhance the ability to detect and respond to threats," according to the report.

Related:What’s Behind the Surge of Encryption-Less Ransomware Attacks in 2023?

"For CISOs, this highlights the importance of looking beyond threat actors gaining initial access and ensuring they have the means to detect and respond to such an eventuality," says Mark Kelly, principal threat intelligence analyst at Recorded Future. "Given that a lot of these public-facing appliances often have very limited support for traditional security solutions, they should also consider these factors when initially procuring these types of devices."

China: The Broadest Threat to U.S. National Security

The findings come as leaders from governments around the world have raised the highest alarms to date about their concerns about China's cyber warfare capabilities.

"The People's Republic of China represents the defining threat of this generation, this era," FBI director Christopher Wray told 60 Minutes last month in regards to its cyber activities. "There is no country that presents a broader, more comprehensive threat to our ideas, our innovation, our economic security, and ultimately our national security."

Wray was among the representatives for Five Eyes, an alliance of intelligence leaders formed after World War II, who appeared together on the segment to call out their concerns about China's cyber capabilities. Besides the US, the Five Eyes alliance includes Canada, the United Kingdom, New Zealand, and Australia.

Melissa Hathaway, who led the Comprehensive National Cybersecurity Initiative (CNCI) for President George W. Bush and the Cyberspace Policy Review for President Barack Obama, is also concerned about China's ambitions.

"They are a leading cyber power and have probably more manpower, of meeting their overall national objectives than we do in the United States or anywhere," says Hathaway, now president of Hathaway Global Strategies, which advises companies on cybersecurity. "Part of that is a percentage of the population, but they have made it a strategic priority as part of their five-year plan, and as part of their overall strategies."

Intelligence and cyber professionals are also concerned about the Belt and Road Initiative, China's ambitious investment in infrastructure throughout the world, which could bring its attackers even closer to its targets, geographically and economically.

Read more about:

Dark Reading

About the Authors

Dark Reading

Long one of the most widely read cyber security news sites on the Web, Dark Reading, a sister site to ITPro Today, is now the most trusted online community for security professionals like you. Dark Reading's community members include thought-leading security researchers, CISOs, and technology specialists, along with thousands of other security professionals.

Jeffrey Schwartz

Contributing Writer

Jeffrey Schwartz is a journalist who has covered information security and all forms of business and enterprise IT, including client computing, data center and cloud infrastructure, and application development for more than 30 years. Jeff is a regular contributor to Channel Futures. Previously, he was editor-in-chief of Redmond magazine and contributed to its sister titles Redmond Channel Partner, Application Development Trends, and Virtualization Review. Earlier, he held editorial roles with CommunicationsWeek, InternetWeek, and VARBusiness. Jeff is based in the New York City suburb of Long Island.

Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like