January 19, 2024 at 07:15PM
Chinese cyberspies have been exploiting a VMware security vulnerability, CVE-2023-34048, allowing them to hijack vulnerable servers. Meanwhile, a Moscow-backed group breached a small percentage of Microsoft corporate email accounts. Additionally, CISA issued an emergency directive to mitigate Ivanti Connect Secure zero-days, likely targeted by Chinese nation-state attackers. Persistent concerns exist about China-backed criminals targeting government networks and devices.
Key takeaways from the meeting notes:
– A VMware security vulnerability (CVE-2023-34048) has been actively exploited by Chinese cyberspies since late 2021. The vulnerability allows remote code execution and has received a severity rating of 9.8 out of 10.
– The Chinese espionage group UNC3886 has been identified as responsible for these attacks. The group has a history of targeting VMware products and has exploited other vulnerabilities in the past.
– Microsoft also faced a security breach by a Moscow-backed crew that gained access to a small percentage of corporate email accounts. The attack was not due to a vulnerability in Microsoft products.
– The US government’s CISA issued an emergency directive regarding Ivanti Connect Secure devices, which were compromised via zero-day vulnerabilities. While the exploits have not been attributed to a specific group, there is a persistent concern about Chinese nation-state attackers targeting government networks.
Overall, there is evidence of ongoing nation-state espionage activities targeting major technology companies and government agencies, particularly involving Chinese and Russian actors. This situation highlights the importance of proactive security measures to safeguard against such threats.