An official website of the United States government
Here's how you know
A .gov website belongs to an official government organization in the United States.
A lock (lock ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Press Release | Oct. 6, 2022

NSA, CISA, FBI Reveal Top CVEs Exploited by Chinese State-Sponsored Actors

In a Cybersecurity Advisory released today, the National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI) exposed the “Top Common Vulnerabilities and Exposures (CVEs) Actively Exploited by People’s Republic of China State-Sponsored Cyber Actors” since 2020.

The report highlights how PRC cyber actors continue to exploit these weaknesses to gain unauthorized access into sensitive networks, establish persistence, and move laterally to other internally connected networks.

The actors have targeted government and critical infrastructure networks with an increasing array of new and adaptive techniques — some of which pose a significant risk to Information Technology Sector organizations (including telecommunications providers), Defense Industrial Base (DIB) Sector organizations, and other critical infrastructure organizations.

All of the CVEs featured in the advisory are publicly known. The top recommended mitigation is to patch these and other known exploited vulnerabilities.

NSA, CISA, and FBI urge U.S. and allied governments, critical infrastructure, and private sector organizations to apply the recommended mitigations to strengthen their defenses and reduce threat of compromise from PRC state-sponsored malicious cyber actors.

Read the full report.

Visit our full library for more cybersecurity information and technical guidance.