Hackers backed by the Chinese government are targeting and compromising major telecommunications and network service providers, say US federal agencies.
They do so primarily by exploiting publicly known vulnerabilities associated with network devices such as routers, according to a cybersecurity advisory issued by the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and the Cybersecurity and Infrastructure Security Agency (CISA).
“These devices are often overlooked by cyber defenders, who struggle to maintain and keep pace with routine software patching of Internet-facing services and endpoint devices,” the advisory said, issuing warnings of vulnerabilities in equipment made by Cisco, Netgear, and Pulse Secure.
Networks affected have ranged from small office and home office routers to medium-sized and large enterprise operations.
Chinese Hackers Using Telcos, ISPs
China “sponsored actors are using access to telcos and ISPs to scale their targeting,” tweeted Rob Joyce, the NSA’s director of cybersecurity. “To kick them out, we must understand the tradecraft and detect them beyond just initial access.”
Chinese hackers have been able to establish broad infrastructure networks to exploit a wide range of public and private sector targets, the advisory stated.
The agencies urged corrective measures, such as applying patches as soon as possible, disabling unnecessary ports and protocols, and replacing end-of-life network infrastructure.
“The NSA, CISA, and FBI also recommend segmenting networks and enabling robust logging of internet-facing services and network infrastructure accesses,” they said.
- George Russell