A recent Microsoft report claims that China might have improved its cybersecurity capabilities by keeping quiet after finding vulnerabilities and allowing government entities to weaponize them.
Last year, China adopted a series of laws requiring software and hardware makers and network operators to report any security vulnerability to local authorities before telling anyone else.
“China’s vulnerability reporting regulation went into effect September 2021, marking a first in the world for a government to require the reporting of vulnerabilities into a government authority for review prior to the vulnerability being shared with the product or service owner,” according to Microsoft.
Although the government said the regulations were to enhance cybersecurity defenses, experts believe that gatekeeping undisclosed vulnerabilities could have paved the way for their weaponization by China-based threat actors.
“While we observe many nation state actors developing exploits from unknown vulnerabilities, China-based nation state threat actors are particularly proficient at discovering and developing zero-day exploits,” reads Microsoft’s 2022 Digital Defense Report. “The increased use of zero days over the last year from China-based actors likely reflects the first full year of China’s vulnerability disclosure requirements for the Chinese security community and a major step in the use of zero-day exploits as a state priority.”
In its detailed report, the company highlighted several vulnerabilities allegedly discovered and exploited by China-based perpetrators before they were disclosed, including:
It also described some of the most notorious malicious campaigns linked to China-backed actors, including:
Specialized software such as Bitdefender Ultimate Security can protect you against zero-day exploits and other types of cyberthreats with its comprehensive list of features, which includes:
Vlad's love for technology and writing created rich soil for his interest in cybersecurity to sprout into a full-on passion. Before becoming a Security Analyst, he covered tech and security topics.