On August 27, the NSA and international security agencies issued a joint advisory detailing the tactics and techniques used by these advanced persistent threat groups targeting vital sectors including government, military, and transportation.

Tenable offers comprehensive tools, including plugins and attack path analysis, to help organizations identify, monitor, and remediate these vulnerabilities amidst the ongoing threat landscape.

Telemetry data reveals that a significant portion of affected devices, especially Cisco devices, remain unpatched—ranging from 40% to 58% for some CVEs—while only about 3% of Palo Alto devices are unpatched for CVE-2024-3400, underscoring the urgent need for remediation.

Recent analysis by Tenable highlights that many devices remain vulnerable to Chinese state-sponsored cyberattacks due to unpatched security flaws, posing serious risks to organizations.

Critical vulnerabilities such as CVE-2024-21887 and CVE-2023-46805 in Ivanti products, CVE-2024-3400 in Palo Alto's PAN-OS, and issues in Cisco IOS XE are actively exploited, with proof-of-concept code, patches, and mitigation strategies readily available.

While the activity overlaps with the group known as Salt Typhoon, the recent advisory broadly attributes the threat to PRC state-sponsored actors without definitively linking it to any specific group.

All six CVEs are classified as Vulnerabilities Being Monitored by Tenable and are listed in the CISA KEV catalog, highlighting their active exploitation and the critical importance of timely patching.