US: Chinese Government Hackers Breached Telcos To Snoop On Network Traffic (cnbc.com)
Several US federal agencies today revealed that Chinese-backed threat actors have targeted and compromised major telecommunications companies and network service providers to steal credentials and harvest data. BleepingComputer reports: As the NSA, CISA, and the FBI said in a joint cybersecurity advisory published on Tuesday, Chinese hacking groups have exploited publicly known vulnerabilities to breach anything from unpatched small office/home office (SOHO) routers to medium and even large enterprise networks. Once compromised, the threat actors used the devices as part of their own attack infrastructure as command-and-control servers and proxy systems they could use to breach more networks.
"Upon gaining an initial foothold into a telecommunications organization or network service provider, PRC state-sponsored cyber actors have identified critical users and infrastructure including systems critical to maintaining the security of authentication, authorization, and accounting," the advisory explains. The attackers then stole credentials to access underlying SQL databases and used SQL commands to dump user and admin credentials from critical Remote Authentication Dial-In User Service (RADIUS) servers.
"Armed with valid accounts and credentials from the compromised RADIUS server and the router configurations, the cyber actors returned to the network and used their access and knowledge to successfully authenticate and execute router commands to surreptitiously route, capture, and exfiltrate traffic out of the network to actor-controlled infrastructure," the federal agencies added. The three agencies also listed the network device CVEs most frequently exploited by Chinese state-sponsored actors since 2020. "The PRC has been exploiting specific techniques and common vulnerabilities since 2020 to use to their advantage in cyber campaigns," the NSA added. Organizations can protect their networks by applying security patches as soon as possible, disabling unnecessary ports and protocols to shrink their attack surface, and replacing end-of-life network infrastructure that no longer receives security patches.
The agencies "also recommend that organizations block lateral movement attempts and enable robust logging of internet-exposed services to detect attack attempts as soon as possible," adds BleepingComputer.
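The router-side abuse the advisory describes (valid credentials used to push configuration that mirrors, tunnels or re-routes traffic toward actor-controlled hosts) is exactly what the recommended "robust logging" should surface. The following is an added example, not code from the advisory, the agencies or BleepingComputer: a small Python audit over constructed Cisco IOS-style configuration-change syslog lines. The admin allowlist, the internal prefixes, the hostnames, accounts and addresses are all assumptions made for the illustration.

```python
"""Audit router configuration-change log lines for the commands the advisory
calls out: SPAN/RSPAN mirroring, tunnels and static routes pointing outside
the network, and config changes by accounts that should not be making them."""
import ipaddress
import re
from collections import Counter
from dataclasses import dataclass, field

# Constructed sample in the shape Cisco IOS emits when `archive` / `log config`
# / `logging enable` is configured. Hostname, users and addresses are made up;
# 203.0.113.0/24 is a documentation range standing in for attacker space.
SAMPLE_LOG = """\
Jun 7 10:01:12 edge-rtr1 %PARSER-5-CFGLOG_LOGGEDCMD: User:netops-jump  logged command:interface GigabitEthernet0/1
Jun 7 10:01:15 edge-rtr1 %PARSER-5-CFGLOG_LOGGEDCMD: User:netops-jump  logged command:description uplink to core
Jun 7 23:41:02 edge-rtr1 %PARSER-5-CFGLOG_LOGGEDCMD: User:svc_backup  logged command:monitor session 1 source interface GigabitEthernet0/1
Jun 7 23:41:05 edge-rtr1 %PARSER-5-CFGLOG_LOGGEDCMD: User:svc_backup  logged command:monitor session 1 destination remote vlan 999
Jun 7 23:41:30 edge-rtr1 %PARSER-5-CFGLOG_LOGGEDCMD: User:svc_backup  logged command:interface Tunnel7
Jun 7 23:41:33 edge-rtr1 %PARSER-5-CFGLOG_LOGGEDCMD: User:svc_backup  logged command:tunnel destination 203.0.113.44
Jun 7 23:42:10 edge-rtr1 %PARSER-5-CFGLOG_LOGGEDCMD: User:svc_backup  logged command:ip route 10.20.0.0 255.255.0.0 203.0.113.44
Jun 8 08:15:00 edge-rtr1 %PARSER-5-CFGLOG_LOGGEDCMD: User:netops-jump  logged command:ip route 10.30.0.0 255.255.0.0 10.0.0.1
"""

# Assumed policy: only this account (a jump host) may change config, and only
# RFC 1918 space counts as "inside" the network.
ALLOWED_CONFIG_USERS = frozenset({"netops-jump"})
INTERNAL_PREFIXES = [ipaddress.ip_network(p)
                     for p in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

CMD_RE = re.compile(r"User:(?P<user>\S+)\s+logged command:(?P<cmd>.+)$")
ROUTE_RE = re.compile(r"^ip route\s+\S+\s+\S+\s+(?P<nexthop>\S+)")
TUNNEL_RE = re.compile(r"^tunnel destination\s+(?P<dest>\S+)")

R_USER = "config change by account not on the admin allowlist"
R_SPAN = "traffic mirroring (SPAN/RSPAN) session configured"
R_TUNNEL = "tunnel endpoint outside internal prefixes"
R_ROUTE = "static route via next hop outside internal prefixes"


@dataclass
class Finding:
    user: str
    command: str
    reasons: list = field(default_factory=list)


def locate(addr_text, prefixes=INTERNAL_PREFIXES):
    """Classify a token as 'internal', 'external' or 'not-ip' (e.g. 'Null0')."""
    try:
        addr = ipaddress.ip_address(addr_text)
    except ValueError:
        return "not-ip"
    return "internal" if any(addr in net for net in prefixes) else "external"


def audit_config_log(log_text, allowed_users=ALLOWED_CONFIG_USERS,
                     prefixes=INTERNAL_PREFIXES):
    """Return one Finding per logged command that trips at least one rule."""
    findings = []
    for line in log_text.splitlines():
        m = CMD_RE.search(line)
        if not m:
            continue  # not a config-change record
        user, cmd = m.group("user"), m.group("cmd").strip()
        reasons = []
        if user not in allowed_users:
            reasons.append(R_USER)
        if cmd.startswith("monitor session"):
            reasons.append(R_SPAN)
        t = TUNNEL_RE.match(cmd)
        if t and locate(t.group("dest"), prefixes) == "external":
            reasons.append(R_TUNNEL)
        r = ROUTE_RE.match(cmd)
        if r and locate(r.group("nexthop"), prefixes) == "external":
            reasons.append(R_ROUTE)
        if reasons:
            findings.append(Finding(user, cmd, reasons))
    return findings


def count_by_reason(findings):
    """Tally how often each rule fired, for a quick triage summary."""
    return Counter(reason for f in findings for reason in f.reasons)


if __name__ == "__main__":
    for f in audit_config_log(SAMPLE_LOG):
        print(f"{f.user:12} {f.command:55} {'; '.join(f.reasons)}")
    print(dict(count_by_reason(SAMPLE_LOG and audit_config_log(SAMPLE_LOG))))
```

The records only exist if the device is told to log configuration commands and to ship them off-box; a router that keeps its own logs is a router whose logs the intruder with the admin password can clear. The route and tunnel rules alone would also fire on legitimate site-to-site tunnels, so the account allowlist (or a change-ticket correlation in its place) is what turns this from noise into a detection.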
Deja-vu : Which intelligence agency was first? (Score:2)
https://fossbytes.com/wikileak... [fossbytes.com]
https://arstechnica.com/tech-p... [arstechnica.com]
Re: (Score:3, Interesting)
Re:Deja-vu : Which intelligence agency was first? (Score:4, Interesting)
GCHQ hacked a Dutch telecom company, and stole the keys they use for their SIM cards. Since that company is responsible for providing many of the SIM cards used in Europe and elsewhere, they compromised millions of devices, maybe billions.
I found that my SIM card at the time was one of the compromised ones, and the service provider refused to replace it for free so I ditched them and switched to a different network. Fortunately the new network provided a non-compromised SIM.
Re: (Score:2)
Indeed it is always the same with those US agencies crying "foul" when others do what they started doing a long time ago.
Yes, both of those things are their job. Compromise foreign communications networks, and protect domestic ones. The problem is when they secretly start compromising domestic ones.
Re: (Score:1, Insightful)
The US military panicked when the cold war ended, because the scary communists could not be used to keep America frightened and the money flowing, so they manufactured a couple of Middle Eastern wars.
That worked until the point came when it was no longer possible to justify the cost in either money or blood. (There are still American troops in Iraq. Nobody likes to talk about what they're doing however).
The US military/industrial complex is desperate for a new enemy which is why
Re:Deja-vu : Which intelligence agency was first? (Score:4, Insightful)
It doesn't seem credible that Putin simply woke up one morning, looked at a map, and decided to incur massive costs without a compelling reason.
Well no, it wouldn't be credible because that is not what happened. Because that is not how people operate.
Re: (Score:2)
Yea if we just let Russia annex Georgia, Ukraine, Lithuania, Serbia, Moldova, Poland,... to address their security concerns we would not be in this mess now...
Re: (Score:3)
Russia makes a convenient enemy.
Not really. The Ukraine debacle has shown Russia to be a paper bear.
If we cut the DoD budget to zero and let the Russians invade NATO, all their vehicles would break down before they reached the suburbs of Warsaw.
We need better enemies.
China is our only hope. If we continue to ramp up military spending, we may be able to provoke China into doing the same. A good ol' fashioned arms race would give plenty of profits to the MIC.
Re: (Score:1)
Whose fault is that? Mind you, the US does not want to annex anyone...
Funny (Score:3)
Re: (Score:3)
Some actual [technologyreview.com] links [pcmag.com] since I can't find the real CNBC one.
Re: (Score:2)
Huawei doesn't need to put snooping software in their network stuff. They just need to make sure it's "up to standards", where the standard has of course been "easy to hack" for decades now.
Can't make it too hard for the "good" intelligence agencies!
Re: (Score:1)
Chinese word for snooping is Huawei
does that not vaguely translate to "free software" as well?
Link? (Score:1)
The link in the first sentence appears to be for a different article, about a different subject.
well at least they didnt go with Russian this time (Score:1)
Good to switch it up once in a while, else people start getting suspicious.
Apply the NIST 800-53 standards consistently (Score:1)
Chinese Hackers do what they are paid to do (Score:2)
Cursed "slopes" (someone else's characterisation in this thread), doing what they get paid to do, and doing it well.
the link doesn't match the text (Score:1)