Beijing-backed baddies target unpatched networking kit to attack telcos
State-sponsored Chinese attackers are actively exploiting old vulnerabilities to "establish a broad network of compromised infrastructure," then using it to attack telcos and network services providers.
The advisory states that network devices are the target of this campaign and lists 16 flaws - some dating back to 2017 and none more recent than April 2021 - that the three agencies rate as the most frequently exploited.
Attackers blend into the noise or normal activity of a network.
The three-agency advisory states that attackers use compromised devices to gain "an initial foothold into a telecommunications organization or network service provider." They then hunt for users with valuable privileges and infrastructure that manages authentication, authorization, and accounting.
The attacks can be hard to spot, the advisory explains, because China's hired miscreants "often mix their customized toolset with publicly available tools, especially by leveraging tools that are native to the network environment, to obscure their activity by blending into the noise or normal activity of a network."
"The cyber actors typically obtain the use of servers by leasing remote access directly or indirectly from hosting providers. They use these servers to register and access operational email accounts, host C2 domains, and interact with victim networks. Cyber actors use these hop points as an obfuscation technique when interacting with victim networks."
News URL
https://go.theregister.com/feed/www.theregister.com/2022/06/08/cisa_fbi_nsa_china_attack_advisory/