CyberattacksThe Cybersecurity and Infrastructure Security Agency reveals china cyberattacks on US firms

China-backed hackers have breached major telecommunications companies among a range of other targets across the globe, warned US security agencies. China cyberattacks by the FBI and the Cybersecurity and Infrastructure Security Agency are nothing new. It outlines the tactics, techniques, and procedures they use. The Cybersecurity and Infrastructure Security Agency (CISA) published a new advisory warning public and private sector spheres about China-based state-sponsored cyber-attacks against US firms. NSA, CISA, and FBI also recommend segmenting networks and enabling robust logging of internet-facing services and network infrastructure accesses, the agencies added.

State-sponsored cyberattacks on US firms:

Cybersecurity and CISA, the National Security Agency (NSA), and the FBI, the attackers are targeting major telecom companies and network service providers with a set of exploits for known vulnerabilities in a variety of routers, VPNs, and other networking gear, such as well as network-attached storage (NAS) devices. Reports describe a series of common vulnerabilities and exposures (CVEs) associated with network devices that would have been regularly exploited by the unnamed cyber-actors since 2020.

The cyber attackers typically conduct by accessing compromised servers called hop points from numerous China-based IP addresses resolving to different Chinese ISPs, the Feds noted.  In a statement, the FBI, the CISA, the NSA, and US Cybersecurity and Infrastructure Security Agency said, these devices are often overlooked by cyber defenders, who struggle to maintain and keep pace with routine software patching of Internet-facing services and endpoint devices.

Devices like small office/home office (SOHO) routers and Network Attached Storage (NAS) devices, were exploited to gain extensive and/or persistent access to organizations’ networks, and as a command-and-control (C2) tactic to pivot to other targets. The network devices are then being used as additional access points to route C2 traffic. The network devices act as midpoints to carry out network intrusions on other entities, according to the alert all bent on stealing sensitive information.

The cyber-actors used a mix of the customized toolset and publicly available tools and the network environment, in order to obscure activity and blend into the normal activity of a network. Cyber-actors use these hop points as an obfuscation technique when interacting with victim networks. General mitigations outlined in the advisory include: applying patches as soon as possible, disabling unnecessary ports and protocols, and replacing end-of-life network infrastructure.

Managers of internal enterprise data centers should pay attention to the CISA advisory even if they're not in one of the targeted industries listed in the China cyberattack report. It has observed the groups monitoring network defenders' accounts and actions, modifying their ongoing campaign as needed to remain undetected.

CISA might have more information about the attack, such as secret backdoors the attackers could have left in place or other sensitive intelligence. To mitigate the vulnerabilities listed in the advisory, CISA said organizations should apply any available patches to their systems, replace end-of-life infrastructure, and implement a centralized patch management program and users should apply available patches, disable unnecessary ports and protocols, and replace end-of-life infrastructure.