US Accuses Chinese Government Hackers Of Breaching Telcos To Pry On Network Traffic

Share post:

The NSA, CISA, and the FBI published a joint cybersecurity advisory stating that Chinese hackers have taken advantage of publicly known vulnerabilities to breach anything from unpatched small office/home office (SOHO) routers all the way to large enterprise networks.

The hackers used the breached devices as part of their own attack infrastructure as command-and-control servers and proxy systems they could utilize to exploit and breach more networks.

The hackers then stole credentials to access SQL databases and used SQL commands to gather user and admin credentials from critical Remote Authentication Dial-In User Service (RADIUS) servers.

“The PRC has been exploiting specific techniques and common vulnerabilities since 2020 to use to their advantage in cyber campaigns,” the NSA said.

By exploiting these vulnerabilities, the Chinese-sponsored hackers have built broad infrastructure networks that made it possible for them to launch more public and private sector breaches.

The NSA, CISA, and the FBI strongly urged US and allied governments, critical infrastructure, and private organizations to have mitigation measures that would aid in minimizing the risk of similar attacks in their networks.

Moreover, the federal agencies strongly encourage organizations to apply security patches soonest, disable unnecessary ports and protocols to lessen their attack surface, and replace end-of-life network infrastructure no longer receiving security patches.

They also recommend segmenting networks to stop lateral movement attempts and allowing robust logging on internet-exposed services to monitor and detect attack attempts efficiently.

For more information, read the original story in Bleepingcomputer.

SUBSCRIBE NOW

Related articles

North Korean Job Scam Targeting IT Job Seekers

North Korea’s Lazarus advanced persistent threat (APT) group has launched a sophisticated campaign, “Operation 99,” targeting freelance software...

Hackers Exploit FastHTTP in High-Speed Microsoft 365 Attacks

Threat actors are employing the FastHTTP Go library to launch high-speed brute-force password attacks on Microsoft 365 accounts...

The Canadian SHIELD Institute: A New Policy Hub To Drive Canada’s Prosperity

Toronto, Canada – January 16, 2025 The Council of Canadian Innovators (CCI) has announced the launch of The...

YouTubers Targeted As Cyberattackers Hide Infostealers in YouTube Comments, Google Search Results

Attackers have found a new way to infect people seeking pirated or cracked software: planting malicious download links...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways