US Agencies Warn of China Backed Cyber Attacks on Telcos & Network Service Providers

By Staff Writer.

US cybersecurity and law enforcement agencies have issued a warning saying major telecommunications companies and network service providers are at heightened risk of cyberattacks from Chinese state-sponsored threat actors.

The National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), and Federal Bureau of Investigation (FBI) issued the joint advisory on Tuesday, June 7. Cybersecurity experts view the advisory as an attempt by US agencies to mitigate the impact of cyberattacks originating from China.

“These cyber-actors are also consistently evolving and adapting tactics to bypass defences,” the joint advisory reads. “NSA, CISA, and the FBI have observed state-sponsored cyber-actors monitoring network defenders’ accounts and actions, and then modifying their ongoing campaign as needed to remain undetected.”

The advisory details the top vulnerabilities, which are primarily Common Vulnerabilities and Exposures (CVEs), associated with network devices routinely exploited by the state-sponsored cyber-actors since 2020.

The agencies say state-sponsored cyber actors readily exploit vulnerabilities to compromise unpatched network devices. Network devices serve as additional access points to route command and control (C2) traffic and act as midpoints to conduct network intrusions on other entities.

“Over the last few years, a series of high-severity vulnerabilities for network devices provided cyber actors with the ability to regularly exploit and gain access to vulnerable infrastructure devices. In addition, these devices are often overlooked by cyber defenders, who struggle to maintain and keep pace with routine software patching of Internet-facing services and endpoint devices,” the joint advisory says.

CISA Chief of Staff Kiersten Todt told Bloomberg this week the campaign against cyber-attackers was a “marathon” but added that CISA has a much better profile of the threat landscape than ever before.

CISA says malicious cyber activities attributed to the Chinese government roll out on an ongoing basis against various industries and organisations, but telcos are a particularly attractive target on several levels.

This is for several reasons. Telcos are rich sources of customer and location data, which can inform China of the whereabouts and activities of Chinese Communist Party critics. Telcos, via their cable and wireless networks, can also provide backdoor access to target organisations. Finally, as pieces of critical infrastructure, the impact of a disruptive cyber-attack on a telco can be immense.

“Upon gaining an initial foothold into a telecommunications organization or network service provider, PRC state-sponsored cyber actors have identified critical users and infrastructure including systems critical to maintaining the security of authentication, authorization, and accounting,” the advisory says.

The advisory did not cite any specific instances of cyber-attacks or name victims. However, it did warn that Small Office/Home Office (SOHO) and other routers manufactured by major industry providers, including Cisco, Fortinet, and MikroTik, are at risk because the cyber-attackers utilize open-source, router-specific software frameworks to identify makes, models, and known vulnerabilities for further investigation and exploitation.

While some vulnerabilities have specific mitigations, as a rule, the joint advisory recommends organisations and enterprises apply patches as soon as possible, disable unnecessary ports and protocols, replace end-of-life infrastructure, and implement a centralized patch management system to help minimize the threat of cyber-attacks.