Chinese state-sponsored actors have been successfully compromising the networks of major US telecommunications providers for years, using the foothold gained to assault other targets in both public and private sectors.
This stark warning was jointly issued by the National Security Agency (NSA), Cybersecurity & Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI).
According to the warning, multiple Chinese hacking groups were targeting known vulnerabilities in unpatched devices such as routers. Compromised endpoints (opens in new tab) would then be made part of a larger malicious infrastructure, leveraged to mount even more dangerous attacks.
Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022 (opens in new tab). Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at the end of this survey (opens in new tab) to get the bookazine, worth $10.99/£10.99.
"Upon gaining an initial foothold into a telecommunications organization or network service provider, PRC state-sponsored cyber actors have identified critical users and infrastructure including systems critical to maintaining the security of authentication, authorization, and accounting," it was said in the warning.
The threat actor would then steal login data to access SQL databases, exfiltrating administrator credentials from critical Remote Authentication Dial-In User Service (RADIUS) servers.
"Armed with valid accounts and credentials from the compromised RADIUS server and the router configurations, the cyber actors returned to the network and used their access and knowledge to successfully authenticate and execute router commands to surreptitiously route, capture, and exfiltrate traffic out of the network to actor-controlled infrastructure," the announcement further states.
There is a pretty big list of CVEs the threat actors were using to attack telcos, which can be found on this link (opens in new tab). Apparently, the Chinese have been at it since at least 2020.
The three government agencies have urged all affected parties - companies in both private and public sectors, in the US, as well as in allied countries, to keep vigilant - apply patches as soon as they’re made available, replace obsolete gear, disable unnecessary ports, and keep a strong stack of antivirus and firewall solutions.
Segmenting networks to prevent threat actors from moving laterally is also being recommended.
- Defend your premises from Chinese hackers with the best firewalls around (opens in new tab)
Via: BleepingComputer (opens in new tab)