The US government said what Chinese hackers have been using to attack critical US infrastructure since 2020

Vulnerabilities in the most popular and used products still threaten US national security.

The NSA, CISA and FBI have published the main vulnerabilities that Chinese hackers use to attack government systems and critical infrastructure networks.

According to the bulletin, Chinese-sponsored hackers target US and allied systems, as well as technology companies, to gain access to sensitive data and steal intellectual property.

3 federal agencies consider China's cyber activity one of the largest and most dynamic threats to US government and civilian networks.

The bulletin also provides mitigations for each of the security flaws most commonly exploited by Chinese attackers, as well as detection techniques and vulnerable technologies that help defenders detect and block attack attempts.

Since 2020, the following vulnerabilities have been most commonly exploited by Chinese government hackers, according to the NSA, CISA, and FBI.

The NSA, CISA, and FBI also urged US and allied governments, critical infrastructure facilities, and private companies to take the following steps to protect against Chinese cyberattacks.

Regularly install security patches;

Use multi-factor authentication;

Replace legacy network infrastructure that no longer receives updates.

They also recommend moving to a "zero trust" model and ensuring robust logging of internet services to quickly detect attack attempts.