The drumbeat is getting louder: The West is fed up of China hacking it. The latest concern is the PRC stealing defense secrets via two catastrophically bad bugs: By chaining flaws in F5 BIG-IP and ConnectWise ScreenConnect, Chinese state actors have broken into countless orgs.

And now the Brits are ratcheting up sanctions. In today’s SB Blogwatch, we duck and cover.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: Snif & Snüf.

“CVE-2024-1709”
A hacker allegedly connected to the People’s Republic of China has been exploiting two popular vulnerabilities to attack U.S. defense contractors, U.K. government entities and institutions in Asia. … The researchers believe UNC5174 is a former member of Chinese hacktivist collectives [who is] acting as a contractor for China’s Ministry of State Security (MSS) focused on executing access operations.
…
CVE-2024-1709 has caused alarm among cyber defenders since IT management software company ConnectWise warned its customers about the issue in February. The company confirmed that several customers had been compromised through the vulnerability. … ScreenConnect allows for secure remote desktop access and mobile device support, and researchers said it was being exploited by both cybercriminals and nation states.

“CVE-2022-3052”
UNC5174, operating under the alias Uteus … was responsible for exploiting CVE-2023-46747, a remote code execution vulnerability in the F5 BIG-IP Traffic Management User Interface, rated 9.8 out of 10 on the CVSS scale, and CVE-2024-1709, a path traversal flaw in ConnectWise ScreenConnect with a maximum 10 out of 10 CVSS severity score. [It also] exploited CVE-2023-22518 in Atlassian Confluence, CVE-2022-0185 in Linux kernels, and CVE-2022-3052, a command injection vulnerability in Zyxel Firewall OS.
…
The group specialises in securing initial entry into target organisations and selling access to high-value targets. … One of the more peculiar findings: UNC5174 would establish backdoors into compromised systems and [then] rectify the vulnerability they exploited.

UNC5174 was linked with several hacktivist collectives including “Dawn Calvary” … ”Genesis Day” / “Xiaoqiying” and “Teng Snake” … and has also claimed to be affiliated with the PRC MSS as an access broker and possible contractor. … Organizations targeted by UNC5174, including U.S. defense and UK government entities, were targeted concurrently by distinct known MSS access brokers UNC302, which were previously indicted by the U.S. Department of Justice.
…
UNC5174 has [also] been linked to widespread aggressive targeting and intrusions of Southeast Asian and U.S. research and education institutions, Hong Kong businesses, charities and non-governmental organizations (NGOs).

“Epoch-defining challenge”
Two people and a company linked to the Chinese state have been sanctioned by the UK government over cyber-attacks, [saying] the group were behind “malign” attempts to access details of [politicians] who had been critical of Beijing.
…
The sanctions will freeze assets, barring UK citizens and businesses from handling the company’s and individuals’ funds or resources. A travel ban will also prevent them from entering or remaining in the UK. … Prime Minister Rishi Sunak called China “the greatest state-based challenge to our national security. … China represents an economic threat to our security and an epoch-defining challenge.”

So when do we start considering these acts of war? … All I’m asking is that we stop letting this **** go unpunished.

It’s a good reminder about what a near-peer conflict would look like. I’d expect global networks to be more or less down for a while as all the zero days compiled up are dumped out one by one.
…
A month or longer later, we might start being able to have reasonable conversations about the state of the world online. I wonder how the young folks will handle it, or those dependent on cat videos.

Commie? They are selling exploits on the open market for a profit, while our own governments keep them locked up inside inefficient, state owned security services.

Do you really think the West isn’t trying to get backdoors into China or Russian systems too? Of course they are, certain countries just don’t announce it.

In addition, … they will report the vulnerability anytime another nation has the same exploit and are actively using it.

Recent Articles By Author