Chinese government-backed hackers have attacked major telecoms businesses throughout the world in a cyber-espionage effort that has lasted at least two years and has successfully compromised at least 13 telecommunications groups.
In a recent advisory, the FBI, NSA and CISA stated that hackers linked to the People’s Republic of China (PRC) had targeted and hacked major telecommunications businesses by exploiting simple and well-known network and system vulnerabilities.
According to the report, the Chinese intrusions typically begin with the hackers surveying target networks to identify the manufacturers, models, versions, and known vulnerabilities of routers and other networking equipment, using open-source scanning tools such as RouterSploit and RouterScan. The Chinese government consistently disputes charges of hacking.
The statement from the American security agencies did not name the victims of the hacking, nor did it specify the extent of the damage. However, US authorities did list specific networking equipment, such as routers and switches, that Chinese hackers are suspected of routinely targeting, exploiting serious and well-known flaws that effectively gave the attackers full control over their targets.
Equipment from Cisco, Citrix, Fortinet and Netgear was among the most frequently attacked. Cisco and Netgear, according to the warning, have already published software updates for the majority of the identified vulnerabilities. In addition to applying available patches and system upgrades, the agencies recommended that operators take further actions to minimize possible threats: removing or isolating suspected compromised devices as soon as possible, segmenting the network to limit or prevent lateral movement, disabling unused or unnecessary network services, ports, protocols, and devices, and requiring multi-factor authentication for all users, including those connecting via a VPN.
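The "disable unused services, ports and protocols" recommendation is easiest to act on when it can be checked mechanically against a device's running configuration. The script below is an added example written for this article, not code from the advisory or from any vendor: it audits a Cisco IOS-style configuration for a handful of commonly enabled but rarely needed services and for remote-access lines that still accept cleartext Telnet. The service list is an illustrative assumption rather than the advisory's own inventory, and the two sample configurations (a weak one and its hardened counterpart) are constructed for the demonstration.

```python
"""Audit a Cisco IOS-style running-config for services that should be disabled
when unused, and for vty lines that still accept Telnet.

Added example for this article; not the advisory's or any vendor's code.
"""
import re

# Services that are frequently enabled yet rarely needed on a production
# router.  Each entry pairs a regex matching the *enabled* form of the command
# with a short reason.  This list is an illustrative assumption, not the
# advisory's list of vulnerabilities.
RISKY_SERVICES = [
    (r"^ip http server$", "cleartext HTTP management interface"),
    (r"^ip http secure-server$", "HTTPS management interface (disable if unused)"),
    (r"^service tcp-small-servers$", "TCP echo/chargen/discard services"),
    (r"^service udp-small-servers$", "UDP echo/chargen/discard services"),
    (r"^service finger$", "finger user-enumeration service"),
    (r"^ip bootp server$", "BOOTP server"),
    (r"^snmp-server community \S+ RW", "read-write SNMP community string"),
]

# Constructed sample: a weak configuration with several unnecessary services.
WEAK_CONFIG = """\
hostname edge-rtr-01
!
service tcp-small-servers
ip http server
no ip http secure-server
snmp-server community public RO
snmp-server community private RW
!
line vty 0 4
 login local
 transport input telnet ssh
line vty 5 15
 login local
 transport input ssh
!
end
"""

# Constructed sample: the same device with the services removed and SSH only.
HARDENED_CONFIG = """\
hostname edge-rtr-01
!
no service tcp-small-servers
no service udp-small-servers
no service finger
no ip bootp server
no ip http server
no ip http secure-server
!
line vty 0 4
 login local
 transport input ssh
line vty 5 15
 login local
 transport input ssh
!
end
"""


def parse_vty_transports(config_lines):
    """Map each 'line vty ...' block to the protocols its 'transport input' allows.

    IOS indents the commands of a line block by one space; a non-indented line
    ends the block.  A block with no 'transport input' maps to an empty list.
    """
    transports = {}
    current = None
    for line in config_lines:
        if line.startswith("line vty"):
            current = line
            transports[current] = []
        elif current is not None and line.startswith(" transport input"):
            transports[current] = line.split()[2:]
        elif current is not None and not line.startswith(" "):
            current = None
    return transports


def audit_config(config_text):
    """Return a sorted list of findings, one string per weak setting found."""
    lines = config_text.splitlines()
    findings = []
    for line in lines:
        stripped = line.strip()
        # re.match anchors at the start, so the 'no ...' form never matches.
        for pattern, reason in RISKY_SERVICES:
            if re.match(pattern, stripped):
                findings.append(f"{stripped}: {reason}")
    for vty, protocols in parse_vty_transports(lines).items():
        if "telnet" in protocols or "all" in protocols:
            findings.append(f"{vty}: transport input permits cleartext Telnet")
        elif not protocols:
            findings.append(f"{vty}: no transport input set; default varies by platform")
    return sorted(findings)


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"== {name} ==")
        for finding in audit_config(cfg) or ["no findings"]:
            print(" ", finding)
```

Run against the weak sample the audit reports the HTTP server, the TCP small servers, the read-write SNMP community and the Telnet-capable vty block; against the hardened sample it reports nothing. In practice the same function can be fed the output of `show running-config` collected from each device, which turns the advisory's one-line recommendation into a repeatable check.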
For intelligence organizations, telecommunications companies are particularly valuable targets. These service providers build and operate the majority of the Internet's infrastructure, as well as numerous private networks throughout the world. Successfully compromising these networks can open the door to an even larger universe of valuable surveillance opportunities.