Warning: Chinese Cyber Attacks
State-sponsored threat actors that are backed by the People’s Republic of China are targeting telecoms and network service providers says the US government. The US National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), and Federal Bureau of Investigation (FBI) have issued an advisory Alert on cyber attacks from China.
Malicious cyber activities attributed to the Chinese government targeted, and continue to target, a variety of industries and organisations in the United States.
These cyber attacks include “healthcare, financial services, defence industrial base, energy, government facilities, chemical, critical manufacturing (including automotive and aerospace),communications, IT (including managed service providers), international trade, education, video gaming, faith-based organisations, and law firms”, says the US Cybersecurity Agency.
They say that these state sponsored cyber actors continue to exploit “vulnerabilities in order to establish a broad network of compromised infrastructure”. They also say that state-sponsored actors have been working since 2020 to conduct widespread cyber campaigns that exploit Common Vulnerabilities and Exposures (CVEs). By exploiting the CVEs, threat actors were able to exploit code against virtual private networks or public facing applications, authorities said.
This allows threat actors to avoid using their own distinctive or identifying malware, as long as they acted before targeted organisations updated their own systems.
The advisory describes the ways in which state-sponsored cyber actors continue to exploit publicly known vulnerabilities to establish a broad network of compromised infrastructure. “These actors use the network to exploit a wide variety of targets worldwide, including public and private sector organisations”, says the report. “Upon gaining an initial foothold into a telecommunications organisation or network service provider, Chinese state-sponsored cyber actors have identified critical users and infrastructure including systems critical to maintaining the security of authentication, authorisation, and accounting”.
The advisory details the targeting and compromise of major telecommunications companies and network service providers and the top vulnerabilities, primarily CVEs, associated with network devices routinely exploited by the cyber actors since 2020.
Furthermore, a recent post from Google says that government backed cyber attackers from Iran, N.Korea, Russia and China are all spreading malware by taking advantage of the public’s interest in the Ukrainian war.
CISA: CISA: CUNA: Newswek: Cybersecurity Dive: Google:
You Might Also Read:
US Banks Hit By Russian Cyber Attacks: