
From Behind a Great Wall these Vulnerabilities Open Doors

Nov 10, 2020

Read about what we learned from the NSA alert "Chinese State-Sponsored Actors Exploit Publicly Known Vulnerabilities". We analyzed the top 25 vulnerabilities listed in the security advisory for interesting correlations and security takeaways.

Here are the ways we looked at this alert:

Analysis of weaponization

  • 12 CVEs have RCE capabilities
  • 6 CVEs are associated with APT groups (APT41, APT33, APT39, APT5, Cadelle, Chafer, OilRig (APT34), Axiom, Night Dragon, Soft Cell)
  • 4 CVEs are associated with Ransomware
  • 3 CVEs are associated with Privilege Execution
  • 1 CVE is associated with Lazarus malware

For those using RiskSense, this analysis is already incorporated into the solution. Selecting the system filter "NSA-Chinese State Actors" shows all of the open host findings, with the adversarial impact reflected automatically in the detailed risk-based prioritization.

The full listing of the 18 CVEs and their exploit details is provided by our research and our partner relationship with Cyber Security Works.

Let’s look at each category:

Association with Common Weakness Enumeration

21 of the 25 weaponized CVEs map to weaknesses ranked in the Top 25 Common Weakness Enumeration (CWE) list. The remaining 4 rank closely behind, in the current Top 30 CWE listing.

Exploit Kit Analysis

Our threat researchers analyzed the constant cybercriminal activity related to exploit kits and found CVE-2019-19781 and CVE-2019-11510 associated with four exploit kits. We also noticed that older exploit kits, such as the RIG exploit kit and the Fallout exploit kit, are being upgraded with newer elements and capabilities.

  • CVE-2019-19781 – RIG exploit kit, Fallout exploit kit
  • CVE-2019-11510 – Fallout, Spelvo

Associated with Ransomware

We also found that four CVEs out of the 25 are associated with 21 ransomware families. Interestingly, these vulnerabilities date from 2019 onward.

  • CLOP
  • Ragnarok
  • Sodinokibi
  • Vatet loader
  • Golang Ransomware
  • DoppelPaymer
  • Bitpaymer
  • Dridex 2.0
  • Nefilim
  • Nemty

  • Black Kingdom
  • Sodinokibi
  • Maze

  • GandCrab
  • Lockergoga
  • Megacortex

  • Netwalker
Not all organizations have the resources or time to do this level of vulnerability assessment. The RiskSense Risk-Based Vulnerability Management solution makes organizations smarter about security by providing this built-in threat context. Take your scan data and make it more actionable, see how system threat filters work in action, and walk away with the proof needed to modernize your vulnerability management program. Contact us today to enroll in a "proof of work" engagement.


RiskSense®, Inc. provides vulnerability management and remediation prioritization to measure and control cybersecurity risk. The cloud-based RiskSense platform delivers Risk-Based Vulnerability Management and Application Security Orchestration and Correlation, in addition to our Vulnerability Knowledge Base. These products bring insight to the wide views of vulnerability risk with adversarial threat context and ties to ransomware. Vulnerability Risk Rating, threat analytics, and automated playbooks prioritize actions for critical security weaknesses, dramatically improving security and IT efficiency and the effectiveness of managing attack surface risk.