"According to a joint advisory from CISA, NSA, FBI, and European partners, among others, Chinese state-sponsored hackers have been attacking telecommunications companies, governments, transportation, defense, and hotel systems worldwide since 2021. The attackers mainly target routers belonging to large telecom providers. They use known vulnerabilities to gain long-term access. These are not unknown zero-days, but rather publicly documented leaks in equipment from Cisco, Palo Alto, Ivanti, and other vendors."
"What makes this campaign particularly concerning is that even organizations not directly involved in espionage are being exploited as a springboard to other networks. This increases the risk that any company with poorly secured edge devices could become a victim. Routers too often a blind spot The agencies involved emphasize that patching routers and firewalls is the first line of defense. Furthermore, isolating management networks, tightening access control, and actively monitoring configurations and log files are crucial."
Chinese state-sponsored actors have attacked telecommunications companies, governments, transportation, defense, and hotel systems worldwide since 2021. The attackers primarily target routers of large telecom providers, exploiting publicly documented vulnerabilities in equipment from Cisco, Palo Alto, Ivanti, and other vendors to gain long-term access. Intruders adjust configurations, open additional management channels, tap network traffic, take over accounts, and exfiltrate data via tunnels and encrypted connections. Organizations not directly involved in espionage are being used as springboards, increasing risk to companies with poorly secured edge devices. Patching routers and firewalls, isolating management networks, tightening access control, and monitoring configurations and logs are critical defenses.
Read at Techzine Global
Unable to calculate read time
Collection
[
|
...
]