Chinese government-backed threat actors have broken into numerous major telecommunications firms around the world in a cyber-espionage campaign that has lasted at least two years.
The targets were breached by exploiting old, well-known critical vulnerabilities in popular networking hardware. Once they had a foothold inside their targets, the hackers used the compromised devices to gain full access to the network traffic of numerous private companies and government agencies.
“These devices are often overlooked by cyber defenders, who struggle to maintain and keep pace with routine software patching of Internet-facing services and endpoint devices.” (Advisory statement)
The Chinese hackers allegedly exploited networking devices from major vendors such as Cisco, Citrix, and Netgear. All of the vulnerabilities were publicly known, including a five-year-old critical flaw in Netgear routers that lets attackers bypass authentication checks and execute any code they choose, an opening that allows a full takeover of the device and an unfettered window into the victim’s network.
The espionage typically began with the hackers using open-source scanning tools such as RouterSploit and RouterScan to survey the target networks and learn the makes, models, versions, and known vulnerabilities of the routers and other networking devices.
They then used the unpatched vulnerabilities to access the network and, from there, break into the servers providing authentication and identification for the targeted organizations. They stole usernames and passwords, reconfigured routers, and successfully copied and exfiltrated the targeted network’s traffic to their own machines.
Finally, the hackers deleted log files on every machine they accessed in an attempt to destroy evidence of the attack and cover their tracks.
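Because the campaign relied on reconfiguring edge routers and then wiping local logs, a practical defensive check is to forward device logs off-box and alert on two things: configuration-change or log-clearing messages, and gaps in the device's syslog sequence counter. The following is an added example, not code from the advisory or any vendor; the log format, hostnames and message patterns are constructed assumptions for illustration.

```python
import re

# Constructed sample: sequence-numbered syslog lines forwarded from an edge
# router to a central collector. The layout (seq, host, message) is an
# assumption for this example, not any vendor's exact syntax.
SAMPLE_LOG = """\
000101 edge-rtr1 SYS: Configured from console by admin on vty0
000102 edge-rtr1 SYS: Interface GigabitEthernet0/1 changed state to up
000103 edge-rtr1 SEC: login success for user admin from 10.0.0.5
000107 edge-rtr1 SYS: Configured from console by svc_backup on vty1
000108 edge-rtr1 SYS: logging buffer cleared
000109 edge-rtr1 SYS: mirror session 1 destination changed
"""

LINE_RE = re.compile(r"^(?P<seq>\d+)\s+(?P<host>\S+)\s+(?P<msg>.*)$")

# Message fragments that indicate device reconfiguration or log clearing of
# the kind described above; these patterns are assumptions, tune per vendor.
SUSPICIOUS = (
    "configured from",
    "logging buffer cleared",
    "mirror session",
)

def analyze(log_text: str) -> list[tuple[int, str, str, str]]:
    """Return (seq, host, reason, message) findings for config/anti-forensic
    messages and for gaps in each device's sequence counter."""
    findings = []
    last_seq = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not follow the expected layout
        seq, host, msg = int(m["seq"]), m["host"], m["msg"]
        prev = last_seq.get(host)
        if prev is not None and seq != prev + 1:
            # Missing counter values: messages lost before forwarding or
            # cleared on the device; worth correlating with the device itself.
            findings.append((seq, host, f"sequence gap after {prev}", msg))
        last_seq[host] = seq
        lowered = msg.lower()
        for pat in SUSPICIOUS:
            if pat in lowered:
                findings.append((seq, host, f"matched '{pat}'", msg))
                break
    return findings

if __name__ == "__main__":
    for seq, host, reason, msg in analyze(SAMPLE_LOG):
        print(f"{host} seq={seq}: {reason}: {msg}")
```

On the constructed sample this reports the two configuration events, the gap between 103 and 107, the buffer clear, and the mirror-session change.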