"The bulletin, courtesy of authorities from 13 countries, said the malicious activity has been linked to three Chinese entities, Sichuan Juxinhe Network Technology Co., Ltd., Beijing Huanyu Tianqiong Information Technology Co., Ltd., and Sichuan Zhixin Ruijie Network Technology Co., Ltd. These companies, the agencies said, provide cyber-related products and services to China's intelligence services, with the data stolen from the intrusions, specifically those against telecoms and Internet service providers (ISPs), providing Beijing with the ability to identify and track their targets' communications and movements globally."
""While these actors focus on large backbone routers of major telecommunications providers, as well as provider edge (PE) and customer edge (CE) routers, they also leverage compromised devices and trusted connections to pivot into other networks," according to a joint cybersecurity advisory published Wednesday. "These actors often modify routers to maintain persistent, long-term access to networks.""
Salt Typhoon, a China-linked advanced persistent threat, has continued attacks targeting networks globally, with activity dating back to at least 2019. The actors focus on large backbone routers of major telecommunications providers as well as provider edge (PE) and customer edge (CE) routers, and they leverage compromised devices and trusted connections to pivot into other networks. The group often modifies routers to maintain persistent, long-term access. The activity has been linked to three Chinese companies that provide cyber-related products and services to intelligence services, enabling identification and tracking of targets' communications and movements. Thirteen countries co-sealed a security advisory.
Read at The Hacker News
Unable to calculate read time
Collection
[
|
...
]