US Accuses Chinese Government Hackers Of Breaching Telcos To Pry Into Network Traffic


The NSA, CISA, and the FBI published a joint cybersecurity advisory stating that Chinese hackers have taken advantage of publicly known vulnerabilities to breach anything from unpatched small office/home office (SOHO) routers all the way to large enterprise networks.

The hackers folded the breached devices into their own attack infrastructure, using them as command-and-control servers and proxy systems from which to exploit and breach more networks.

The hackers then stole credentials to access SQL databases and used SQL commands to gather user and admin credentials from critical Remote Authentication Dial-In User Service (RADIUS) servers.

“The PRC has been exploiting specific techniques and common vulnerabilities since 2020 to use to their advantage in cyber campaigns,” the NSA said.

By exploiting these vulnerabilities, the Chinese-sponsored hackers have built broad infrastructure networks that made it possible for them to launch more public and private sector breaches.

The NSA, CISA, and the FBI strongly urged US and allied governments, critical infrastructure, and private organizations to apply mitigation measures that would help minimize the risk of similar attacks on their networks.

Moreover, the federal agencies strongly encourage organizations to apply security patches as soon as possible, disable unnecessary ports and protocols to reduce their attack surface, and replace end-of-life network infrastructure that no longer receives security patches.

They also recommend segmenting networks to stop lateral movement attempts and enabling robust logging on internet-exposed services to monitor and detect attack attempts efficiently.

For more information, read the original story on BleepingComputer.


