"This report demonstrates that the mandated vulnerability and threat-intelligence sharing from the MIIT’s new database to the CNCERT/CC’s CNVD facilitates access to reporting by a regional MSS office, a known PLA contractor, and a university research center with ties to PLA hacking campaigns and which conducts offensive and defense research."
"These organizations with ties to offensive hacking activities would be negligent if they did not utilize their access to CNVD vulnerability reports to equip their operators. The observable increase in the number of zero-days used by PRC hacking teams, as indicated by the 2022 Microsoft “Digital Defense Report,” suggests that these organizations’ access is resulting in vulnerabilities being used by offensive teams."
Oddbean new post about login | logout