U.S. security agencies have warned that hackers backed by the Chinese regime have been targeting “major telecommunications companies and network service providers” since 2020.
In a June 7 cybersecurity advisory, they urged those affected to take immediate remedial action.
The advisory, coauthored by the National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI), said the hackers “continue to exploit publicly known vulnerabilities,” using tactics to bypass defenses and remain undetected.
The agencies pointed out that the hackers allegedly utilized open-source tools, such as RouterSploit and RouterScan, and known software flaws in networking devices such as routers.
“[T]hese devices are often overlooked by cyber defenders, who struggle to maintain and keep pace with routine software patching of Internet-facing services and endpoint devices,” noted the agencies.
The agencies did not identify the victim companies in the advisory, but they included a list of the common vulnerabilities and exposures (CVEs) most frequently exploited by the Chinese regime’s hackers since 2020, together with vulnerability types and the major vendors—Cisco, Citrix, D-Link, Fortinet, and Netgear.
They urged potential victims to shore up their networks by applying immediate patches, updating infrastructure, and disabling unnecessary ports and protocols.
The advisory is the latest in the U.S. government’s series of warnings on “Chinese malicious cyber activities,” which date back to 2017.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) lists all of its advisories, alerts, and malware analysis reports on “Chinese malicious cyber activities” from April 2017 onward.
According to CISA’s list, Chinese regime-linked hackers targeted and intruded on U.S. oil and natural gas companies from 2011 to 2013.
CISA said another Chinese regime-backed hacking activity was conducted by the Chinese Communist Party’s (CCP) Ministry of State Security (MSS) Hainan State Security Department. These hackers were identified as APT40 by CISA and the FBI in a joint advisory last year.
By Sophia Lam