Washington/Beijing: US security agencies warned that Chinese hackers have breached "major telecommunications companies," among a range of targets worldwide, by exploiting known software flaws in routers and other popular networking gear.
"This joint Cybersecurity Advisory describes the ways in which People’s Republic of China (PRC) state-sponsored cyber actors continue to exploit publicly known vulnerabilities in order to establish a broad network of compromised infrastructure," read a statement issued by the US Cybersecurity and Infrastructure Security Agency.
"These actors use the network to exploit a wide variety of targets worldwide, including public and private sector organizations. The advisory details the targeting and compromise of major telecommunications companies and network service providers and the top vulnerabilities—primarily Common Vulnerabilities and Exposures (CVEs)—associated with network devices routinely exploited by the cyber actors since 2020," read the statement.
"PRC state-sponsored cyber actors typically conduct their intrusions by accessing compromised servers called hop points from numerous China-based Internet Protocol (IP) addresses resolving to different Chinese Internet service providers (ISPs). The cyber actors typically obtain the use of servers by leasing remote access directly or indirectly from hosting providers. They use these servers to register and access operational email accounts, host C2 domains, and interact with victim networks. Cyber actors use these hop points as an obfuscation technique when interacting with victim networks," read the statement.
"These cyber actors are also consistently evolving and adapting tactics to bypass defenses. NSA, CISA, and the FBI have observed state-sponsored cyber actors monitoring network defenders’ accounts and actions, and then modifying their ongoing campaign as needed to remain undetected. Cyber actors have modified their infrastructure and toolsets immediately following the release of information related to their ongoing campaigns. PRC state-sponsored cyber actors often mix their customized toolset with publicly available tools, especially by leveraging tools that are native to the network environment, to obscure their activity by blending into the noise or normal activity of a network," the statement further said.
Rob Joyce, an official who has spent decades at the NSA and who is well respected in the cybersecurity community, tweeted on the issue: "PRC sponsored actors are using access to telcos and ISPs to scale their targeting. To kick them out, we must understand the tradecraft and detect them beyond just initial access."
China "conducts more cyber intrusions than all other nations in the world combined," FBI Deputy Director Paul Abbate alleged in an April speech as quoted by CNN.
China, however, has denied all hacking charges so far.
PRC sponsored actors are using access to telcos and ISPs to scale their targeting. To kick them out, we must understand the tradecraft and detect them beyond just initial access. https://t.co/l4W4kHKd8B (Rob Joyce, @NSA_CSDirector, June 7, 2022)