{"id":5678,"date":"2020-11-03T11:02:24","date_gmt":"2020-11-03T19:02:24","guid":{"rendered":"https:\/\/blogs.infoblox.com\/?p=5678"},"modified":"2023-10-12T13:51:30","modified_gmt":"2023-10-12T20:51:30","slug":"nsa-warns-on-china-cyberattacks-dns-in-the-mix","status":"publish","type":"post","link":"https:\/\/www.infoblox.com\/blog\/security\/nsa-warns-on-china-cyberattacks-dns-in-the-mix\/","title":{"rendered":"NSA Warns on China Cyberattacks-DNS in the Mix"},"content":{"rendered":"<p><span style=\"font-weight: 400;\">On October 20, 2020, the National Security Agency (NSA) published a cybersecurity advisory<sup>1<\/sup><\/span><span style=\"font-weight: 400;\"> on the continued and escalating cyberattack activity from Chinese sponsored threat actors. A large percentage of these attacks use publicly known vulnerabilities. This alert covered the top 25 threats and, in particular, noted one that utilized DNS.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The Chinese state-sponsored threat actors utilize a sophisticated process to plan their attacks. This includes careful identification of the target, the gathering of technical information on the target, and the assessment and identification of vulnerabilities. Once a vulnerability is identified, they develop or re-use exploits to target it and then launch their attack.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The timely implementation of patching and updates is part of the mitigation effort recommended by the NSA. The NSA advisory \u201cprovides Common Vulnerabilities and Exposures (CVEs) known to be recently leveraged, or scanned-for, by Chinese state-sponsored cyber actors to enable successful hacking operations against a multitude of victim networks. Most of the vulnerabilities listed below can be exploited to gain initial access to victim networks using products directly accessible from the Internet and act as gateways to internal networks. 
The majority of the products are either for remote access (T1133<sup>2<\/sup><\/span><span style=\"font-weight: 400;\">) or external web services (T1190<sup>3<\/sup><\/span><span style=\"font-weight: 400;\">) and should be prioritized for immediate patching. While some vulnerabilities have specific additional mitigations below, the following mitigations generally apply:\u00a0\u00a0<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Keep systems and products updated and patched as soon as possible after patches are released.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Expect that data stolen or modified (including credentials, accounts, and software) before the device was patched will not be alleviated by patching, making password changes, and reviewing accounts a good practice.\u00a0\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Disable external management capabilities and set up an out-of-band management network.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Block obsolete or unused protocols at the network edge and disable them in device configurations.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Isolate Internet-facing services in a network Demilitarized Zone (DMZ) to reduce the exposure of the internal network.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Enable robust logging of Internet-facing services and monitor the logs for signs of compromise.\u201d<\/span><\/li>\n<\/ul>\n<h3><span style=\"font-weight: 400;\">Domain Name System Vulnerability Identified in the NSA Advisory<\/span><\/h3>\n<p><span style=\"font-weight: 400;\">One of the top 25 vulnerabilities identified by the NSA is CVE-2020-1350<sup>4<\/sup><sup>5<\/sup><\/span><span style=\"font-weight: 400;\">. 
A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests, aka &#8216;Windows DNS Server Remote Code Execution Vulnerability.\u2019 This vulnerability was first published in the NIST National Vulnerability Database on 7.14.2020. It affects Microsoft Windows Server 2008 through 2019.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Mitigations include keeping the system and product updated and patched. If an update cannot be applied immediately, the following workaround will prevent the vulnerability from being exploited, per Microsoft\u00ae\u2019s recommendation. The workaround configures Windows\u00ae DNS servers to restrict the size of acceptable DNS message packets over TCP to 65,280 bytes (0xFF00). Applying the workaround requires a restart of the DNS service. Apply the patch as soon as possible and remove the workaround once the patch is applied.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">To apply this workaround, run the following command from an elevated PowerShell prompt:\u00a0<\/span><\/p>\n<p><b><i>Set-ItemProperty -Path HKLM:\\SYSTEM\\CurrentControlSet\\Services\\DNS\\Parameters -Name TcpReceivePacketSize -Type DWord -Value 0xFF00<\/i><\/b><\/p>\n<h3><span style=\"font-weight: 400;\">No Surprise &#8211; Most Malware Leverages DNS in the Attack Chain<\/span><\/h3>\n<p><span style=\"font-weight: 400;\">Every story is different, but the common thread used by many threat actors is to exploit and leverage DNS. DNS is continually used to set up and execute attack chains. The attack may involve DNS queries when the victim\u2019s system is compromised and infected. 
DNS is almost always used when an infected system communicates with the command and control (C&amp;C) servers.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Threat intelligence can provide a very current set of malicious hostnames, domains, and IP addresses that your DNS servers can use to detect and block command and control (C&amp;C) communications to malicious destinations. Advanced techniques such as behavioral analytics and machine learning on real-time DNS queries can rapidly detect and stop zero-day DNS tunneling, DGA, data exfiltration, Fast Flux, lookalike domains, and more. Infoblox DDI (DNS, DHCP, IPAM database) data has valuable information about device activity and actionable network context (such as what type of device it is, where it is in the network, who it is assigned to, and its lease history). This information can be used for essential visibility into ongoing attacks and for remediation strategy.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The integration of this data with SIEM and SOAR infrastructure can significantly reduce the time needed for the detection of threats and for the automation of incident response.\u00a0 When Infoblox detects something malicious, a new device, or a virtual workload on the network, it automatically shares that event information and context with existing security infrastructures like endpoint EDR, SIEM, SOAR, and other solutions. 
This data can trigger the security tools to block the device\u2019s access to the network or scan it for vulnerabilities until it is deemed compliant with policy.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">For more information on BloxOne Threat Defense: <\/span><a href=\"https:\/\/www.infoblox.com\/products\/bloxone-threat-defense\/\"><span style=\"font-weight: 400;\">https:\/\/www.infoblox.com\/products\/bloxone-threat-defense\/<\/span><\/a><span style=\"font-weight: 400;\">.\u00a0\u00a0<\/span><\/p>\n<p>If you want to know more, please reach out to us directly via <a href=\"https:\/\/info.infoblox.com\/contact-form\" target=\"_blank\" rel=\"noopener\">https:\/\/info.infoblox.com\/contact-form<\/a>.<\/p>\n<p><sup>1<\/sup>https:\/\/media.defense.gov\/2020\/Oct\/20\/2002519884\/-1\/-1\/0\/CSA_CHINESE_EXPLOIT_VULNERABILITIES_UOO179811.PDF<\/p>\n<p><sup>2<\/sup>https:\/\/attack.mitre.org\/techniques\/T1133\/<\/p>\n<p><sup>3<\/sup>https:\/\/attack.mitre.org\/techniques\/T1190\/<\/p>\n<p><sup>4<\/sup>https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2020-1350<\/p>\n<p><sup>5<\/sup>https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2020-1350<\/p>\n","protected":false},"excerpt":{"rendered":"<p>On October 20, 2020, the National Security Agency (NSA) published a cybersecurity advisory on the continued and escalating cyberattack activity from Chinese sponsored threat actors. A large percentage of these attacks use publicly known vulnerabilities. 
This alert covered the top 25 threats and, in particular, noted one that utilized DNS.\u00a0 The Chinese state-sponsored threat actors [&hellip;]<\/p>\n","protected":false},"author":324,"featured_media":5679,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[2],"tags":[332,333,151],"class_list":{"0":"post-5678","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-security","8":"tag-china","9":"tag-cyberattack","10":"tag-dns-protection","11":"entry"},"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.3 (Yoast SEO v27.3) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>NSA Warns on China Cyberattacks-DNS in the Mix<\/title>\n<meta name=\"description\" content=\"On October 20, 2020, the National Security Agency (NSA) published a cybersecurity advisory on the continued and escalating cyberattack activity from Chinese sponsored threat actors. A large percentage of these attacks use publicly known vulnerabilities. 
This alert covered the top 25 threats and, in particular, noted one that utilized DNS.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.infoblox.com\/blog\/security\/nsa-warns-on-china-cyberattacks-dns-in-the-mix\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"NSA Warns on China Cyberattacks-DNS in the Mix\" \/>\n<meta property=\"og:description\" content=\"On October 20, 2020, the National Security Agency (NSA) published a cybersecurity advisory on the continued and escalating cyberattack activity from Chinese sponsored threat actors. A large percentage of these attacks use publicly known vulnerabilities. This alert covered the top 25 threats and, in particular, noted one that utilized DNS.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.infoblox.com\/blog\/security\/nsa-warns-on-china-cyberattacks-dns-in-the-mix\/\" \/>\n<meta property=\"og:site_name\" content=\"Infoblox Blog\" \/>\n<meta property=\"article:published_time\" content=\"2020-11-03T19:02:24+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-10-12T20:51:30+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/red-skull.png\" \/>\n\t<meta property=\"og:image:width\" content=\"457\" \/>\n\t<meta property=\"og:image:height\" content=\"316\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Michael Zuckerman\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Michael Zuckerman\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/nsa-warns-on-china-cyberattacks-dns-in-the-mix\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/nsa-warns-on-china-cyberattacks-dns-in-the-mix\\\/\"},\"author\":{\"name\":\"Michael Zuckerman\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/person\\\/212816c17be869578ba1574b5fc7abf4\"},\"headline\":\"NSA Warns on China Cyberattacks-DNS in the Mix\",\"datePublished\":\"2020-11-03T19:02:24+00:00\",\"dateModified\":\"2023-10-12T20:51:30+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/nsa-warns-on-china-cyberattacks-dns-in-the-mix\\\/\"},\"wordCount\":843,\"publisher\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/nsa-warns-on-china-cyberattacks-dns-in-the-mix\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/red-skull.png\",\"keywords\":[\"china\",\"Cyberattack\",\"DNS Protection\"],\"articleSection\":[\"Security\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/nsa-warns-on-china-cyberattacks-dns-in-the-mix\\\/\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/nsa-warns-on-china-cyberattacks-dns-in-the-mix\\\/\",\"name\":\"NSA Warns on China Cyberattacks-DNS in the 
Mix\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/nsa-warns-on-china-cyberattacks-dns-in-the-mix\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/nsa-warns-on-china-cyberattacks-dns-in-the-mix\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/red-skull.png\",\"datePublished\":\"2020-11-03T19:02:24+00:00\",\"dateModified\":\"2023-10-12T20:51:30+00:00\",\"description\":\"On October 20, 2020, the National Security Agency (NSA) published a cybersecurity advisory on the continued and escalating cyberattack activity from Chinese sponsored threat actors. A large percentage of these attacks use publicly known vulnerabilities. This alert covered the top 25 threats and, in particular, noted one that utilized DNS.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/nsa-warns-on-china-cyberattacks-dns-in-the-mix\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/nsa-warns-on-china-cyberattacks-dns-in-the-mix\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/nsa-warns-on-china-cyberattacks-dns-in-the-mix\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/red-skull.png\",\"contentUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/red-skull.png\",\"width\":457,\"height\":316},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/nsa-warns-on-china-cyberattacks-dns-in-the-mix\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\"},{\"@type\":\"ListItem
\",\"position\":2,\"name\":\"Security\",\"item\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/category\\\/security\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"NSA Warns on China Cyberattacks-DNS in the Mix\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\",\"name\":\"infoblox.com\\\/blog\\\/\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\",\"name\":\"Infoblox\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/infoblox-logo-2.svg\",\"contentUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/infoblox-logo-2.svg\",\"width\":137,\"height\":30,\"caption\":\"Infoblox\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/person\\\/212816c17be869578ba1574b5fc7abf4\",\"name\":\"Michael 
Zuckerman\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/blogs.infoblox.com\\\/wp-content\\\/uploads\\\/avatar_user_324_1628613720-96x96.jpg\",\"url\":\"https:\\\/\\\/blogs.infoblox.com\\\/wp-content\\\/uploads\\\/avatar_user_324_1628613720-96x96.jpg\",\"contentUrl\":\"https:\\\/\\\/blogs.infoblox.com\\\/wp-content\\\/uploads\\\/avatar_user_324_1628613720-96x96.jpg\",\"caption\":\"Michael Zuckerman\"},\"description\":\"Michael Zuckerman is a seasoned B2B product marketing and marketing strategy consultant with experience in the cybersecurity marketplace. Zuckerman\u2019s domain experience in cybersecurity over the past 10 years includes DNS security, threat intelligence, threat intelligence platforms (TIP), container security, mobile device security, moving target defense, network threat analysis (AI), sandbox, deception technology, cloud access security brokers (CASB), SASE, AI based SIEM, secure collaborative governance, and related technology sets to include data loss prevention (DLP), user and entity behavior analytics (UEBA), and encryption.\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/author\\\/michael-zuckerman\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","_links":{"self":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/5678","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/users\/324"}],"replies":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/comments?post=5678"}],"version-history":[{"count":4,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/5678\/revisions"}],"predecessor-version":[{"id":9007,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/5678\/revisions\/9007"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/media\/5679"}],"wp:attachment":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/media?parent=5678"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/categories?post=5678"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/tags?post=5678"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}