US: Chinese government hackers break into telecom companies to snoop on network traffic

Several U.S. federal agencies today announced that Chinese-backed threat actors have targeted and compromised major telecom and network service providers to steal credentials and collect data. BleepingComputer reports: As the NSA, CISA and FBI revealed in a joint cybersecurity advisory released on Tuesday, a Chinese hacking group is exploiting publicly known vulnerabilities to breach everything from unpatched small office/home office (SOHO) routers to medium and large enterprise networks. Once compromised, the devices were used by the threat actors as part of their attack infrastructure, for example as command-and-control servers and proxy systems, from which further networks could be compromised.

“After gaining an initial foothold in telecommunications organizations or network service providers, Chinese government-backed cybercriminals have identified key users and infrastructure, including systems critical to securing authentication, authorization, and accounting,” the advisory explains. The attackers then stole the credentials needed to access the underlying SQL database and used SQL commands to dump user and administrator credentials from the sensitive Remote Authentication Dial-In User Service (RADIUS) server.

“Armed with valid accounts and credentials from compromised RADIUS servers and router configurations, cybercriminals returned to the network and used their access and knowledge to successfully authenticate and execute router commands to covertly route, capture, and extract traffic from the network to infrastructure controlled by the actors,” the federal agencies added. The three agencies have identified the following Common Vulnerabilities and Exposures (CVEs) as the network device CVEs most frequently exploited by Chinese state-backed hackers since 2020, listed in the advisory under “Cyber Campaigns by China to Exploit Specific Technologies and Common Vulnerabilities from 2020,” the NSA added. Organizations can secure their networks by applying security patches as soon as possible, reducing the attack surface by disabling unnecessary ports and protocols, and replacing obsolete network infrastructure that no longer receives security patches.

“The agencies also recommend that networks block lateral movement attempts and enable robust logging of Internet-exposed services to detect attack attempts as quickly as possible,” added BleepingComputer.
