A recent report by several US federal agencies shows that Chinese state-backed cybercriminals have attacked and influenced key telecommunications companies and network service providers to steal certificates and collect sensitive data.
This Joint cyber security advice Co-authored by the National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI). Accordingly, Chinese cybercrime organizations continue to abuse commonly known flaws for compromising anything from insecure small office / home office (SHO) routers to medium and even large enterprise networks.
Once compromised with devices, attackers use command-and-control servers and proxy systems to access other networks as part of their own attack infrastructure.
After initially setting foot in a telecommunications company or network service provider, PRC state-sponsored cyber actors have identified key users and infrastructure, including systems critical to maintaining authentication, authentication, and accounting security.
After the discovery of a critical remote authentication dial-in user service (RADIUS) server, malicious actors gained access to the underlying SQL database and used SQL commands to dump credentials, including clearer text and hash for both user and administrative accounts.
Equipped with legitimate accounts and certificates from compromised RADIUS servers and router configurations, cyber actors have returned to the network and secretly routed, captured and expelled traffic from outside the network to successfully authenticate and execute their access and knowledge. Actor-controlled infrastructure.
The NSA, CISA, and FBI consider the general vulnerabilities and exposures (CVEs) listed below as the most misused network devices by state-sponsored cybercriminals since 2020.
China-backed hackers have exploited these vulnerabilities to build a wide-ranging infrastructure network, allowing them to compromise on a wider range of public and private sector entities.
The three federal agencies encourage companies to come up with a set of mitigation strategies to reduce the likelihood of cyber-attacks by compromising their networks. Some of them are:
- Update and patch systems and products as soon as the fix is published. To optimize and speed up the process, consider using a unified patch management solution.
- Immediately remove or disconnect any suspicious compromised devices from the network.
- Implement strict password policies, apply password complexity, change passwords regularly, and review accounts frequently to ensure compliance.
- Individual network to restrict or prevent lateral movement.
- Implement Multifactor Authentication (MFA) for all users without exception.
See all recommendations Here.