U.S. security agencies have warned that hackers backed by the Chinese regime have been targeting โmajor telecommunications companies and network service providersโ since 2020.
In a June 7 cybersecurity advisory, they urged those affected to take immediate remedial action.
The advisory, coauthored by the National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI), said the hackers โcontinue to exploit publicly known vulnerabilities,โ using tactics to bypass defenses and keeping themselves undetected.
The agencies pointed out that the hackers allegedly utilized open-source tools, such as RouterSploit and RouterScan, and known software flaws in networking devices such as routers.
โ[T]hese devices are often overlooked by cyber defenders, who struggle to maintain and keep pace with routine software patching of Internet-facing services and endpoint devices,โ noted the agencies.
The agencies did not identify the victim companies in the advisory, but they included a list of the common vulnerabilities and exposures (CVEs) most frequently exploited by the Chinese regimeโs hackers since 2020, together with vulnerability types and the major vendorsโCisco, Citrix, D-Link, Fortinet, and Netgear.
They urged potential victims to shore up their networks by applying immediate patches, updating infrastructure, and disabling unnecessary ports and protocols.
The advisory is the latest of the U.S. governmentโs series of warnings on โChinese malicious cyber activities,โ which date back to 2017.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) lists all of its advisories, alerts, and malware analysis reports on โChinese malicious cyber activitiesโ from April 2017 onward.
According to CISAโs list, Chinese regime-linked hackers targeted and intruded on U.S. oil and natural gas companies from 2011 to 2013.
Another Chinese regime-backed hacking activity the CISA said was conducted by the Chinese Communist Partyโs (CCP) Ministry of State Security (MSS) Hainan State Security Department. These hackers were identified as APT40 by the CISA and the Federal Bureau of Investigation (FBI) in a joint advisory last year.
Byย Sophia Lam
