A joint cybersecurity advisory from the US National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI) has said that, in a cyber-espionage campaign lasting at least two years, Chinese government-backed hackers have broken into a number of major telecom businesses throughout the world.
The hackers gained access to their targets by exploiting old, well-known, severe vulnerabilities in common networking devices.
US officials said that once the hackers had a foothold within their targets, they used the compromised devices to gain full access to the network traffic of several private companies and government agencies.
The advisory did not name the victims of the campaign, nor did it describe the campaign's impact. But US authorities did point out the specific networking devices, such as routers and switches, that Chinese hackers are suspected of routinely targeting, exploiting severe and well-known flaws that effectively gave the attackers free rein over their targets.
The American advisory noted: “These devices are often overlooked by cyber defenders, who struggle to maintain and keep pace with routine software patching of Internet-facing services and endpoint devices.”
It should be noted that for intelligence organisations, telecommunications companies are particularly valuable targets. These companies are responsible for the majority of the internet’s infrastructure as well as many private networks around the world.
So, if hackers succeed in hacking them, they will gain access to a whole new universe of valuable spying prospects.
The Chinese hackers allegedly exploited networking devices from key vendors such as Cisco, Citrix, Zyxel, QNAP, DrayTek, MikroTik, D-Link, and Netgear in the recently disclosed cyber assault.
All of the flaws were public knowledge, including a severe five-year-old hole in Netgear routers that lets attackers bypass authentication checks and execute arbitrary code, giving them complete control of the device and unrestricted access to the victim's network.
The campaign's success shows how dangerous software flaws can remain even years after they have been identified and made public.
Zero-day attacks, which exploit previously undiscovered flaws, are powerful and draw a lot of attention. However, known defects remain dangerous because updating and securing networks and devices is challenging with limited resources, staff, and funds.
According to the findings, the Chinese espionage operations often began with the hackers surveying target networks, using open-source scanning tools such as RouterSploit and RouterScan to learn the manufacturers, models, versions, and known vulnerabilities of routers and other networking equipment.
With that information, the threat actors were able to gain access to the network and then, by exploiting old but unpatched vulnerabilities, break into the servers that provide authentication and identity services for the targeted businesses.
The advisory also stated that by stealing usernames and passwords and reconfiguring routers, the hackers successfully exfiltrated the targeted network's traffic and copied it to their own machines. Using these approaches, they were able to spy on nearly everything going on inside the businesses.
In an attempt to erase evidence of the attack, the hackers then wiped log files on every machine they touched. Despite the attackers' efforts to hide their footprints, US officials detected the cyber-espionage campaign, though they did not explain how they discovered the attacks.