China-Backed Hackers Target Global Telecom Firms Using Old Software Faults: US Cyber Advisory

A cybersecurity advisory from agencies including the US National Security Agency, the Cybersecurity and Infrastructure Security Agency and the FBI said that, in a cyber espionage campaign that lasted at least two years, Chinese government-backed hackers broke into a number of major telecom companies around the world.

It found that the hackers were able to reach their targets by taking advantage of old, known and severe vulnerabilities in common networking devices.

US officials said that once the hackers had a foothold inside their targets, they used the compromised devices to gain full access to the network traffic of many private companies and government agencies.

However, the report did not mention the identities of people affected by the campaign, nor did it describe the impact of the campaign. But US authorities have already pointed to specific network devices, such as routers and switches, that Chinese hackers are suspected of routinely targeting, exploiting severe and known flaws that gave attackers control of their targets.

The US advisory noted: “These devices are often overlooked by cyber-advocates, who struggle to maintain and keep up with the routine patching of software facing Internet services and endpoint devices.”

It should be noted that for intelligence organizations, telecommunications companies are particularly valuable targets. These companies are responsible for the majority of the Internet’s infrastructure as well as many private networks around the world.

Therefore, if hackers succeed in compromising them, they gain access to a whole new world of valuable spying possibilities.

Chinese hackers allegedly exploited networking hardware from major vendors such as Cisco, Citrix, Zyxel, QNAP, DrayTek, MikroTik, D-Link and Netgear in a recently revealed cyber attack.

All the flaws were public knowledge, including a severe five-year-old hole in Netgear routers that allows attackers to circumvent authentication checks and execute any code they want, giving them complete control of the device and unrestricted access to the victim’s network.

The campaign’s success shows how dangerous software flaws remain even years after they were identified and made public.

Zero-day attacks, or hacks that use previously undiscovered flaws, are powerful and attract a lot of attention. However, known flaws remain serious because updating and securing networks and devices can be a challenge with limited resources, staff, and funds.

According to the findings, the Chinese espionage often started with hackers exploring targeted networks and learning the manufacturers, models, versions and known vulnerabilities of routers and network equipment using open source scanning tools like RouterSploit and RouterScan.

Using this information, threat actors were able to gain access to the network and then break into the servers providing authentication and identity to the target companies by exploiting old but unpatched vulnerabilities.

The advisory also stated that the hackers successfully captured the target network traffic and copied it to their own devices by stealing usernames and passwords and reconfiguring routers. They were able to spy on almost everything that happens inside companies using these methods.

In an effort to erase evidence of the attack, the hackers then erased log files on every device they touched. Although the attackers did their best to hide their footprints, US officials discovered the cyber-espionage campaign but did not explain how they discovered the attacks.
