"CISA Reveal Chinese Hackers Tactics Targeting US Telecoms and Network Service Providers"

The Cybersecurity and Infrastructure Security Agency (CISA) published a new advisory warning public and private sector organizations about China-based state-sponsored cyberattacks against US firms. The document describes a series of common vulnerabilities and exposures (CVEs) associated with network devices that have reportedly been exploited regularly by the unnamed cyber-actors since 2020. Such devices included small office/home office (SOHO) routers and Network Attached Storage (NAS) devices, which were exploited to gain extensive and/or persistent access to organizations' networks, and as a command-and-control (C2) tactic to pivot to other targets. After successfully gaining access to organizations' network devices, the actors reportedly executed router commands to route, capture, and exfiltrate traffic out of the network to actor-controlled infrastructure. According to the advisory, the threat actors also consistently evolved and adapted their tactics to bypass defenses, modifying their infrastructure and toolsets immediately following the release of information related to their ongoing campaigns. A complete list of the CVEs and network commands used during the China-based state-sponsored cyberattacks is available in the advisory. CISA noted that to mitigate the vulnerabilities listed in the advisory, organizations should apply any available patches to their systems, replace end-of-life infrastructure, and implement a centralized patch management program. The advisory comes days after the Agency issued a joint statement with the Department of Energy (DoE) warning of attacks against internet-connected uninterruptible power supply (UPS) devices.

 

Infosecurity reports: "CISA Reveal Chinese Hackers Tactics Targeting US Telecoms and Network Service Providers"

Submitted by Anonymous on