09 Jun, 2022

Chinese Hackers Breach Telecommunications Systems to Surveil Network Traffic

He explained that China-backed threat actors target and compromise major telecommunications companies and network service providers to steal credentials and collect data.

As the NSA, CISA, and FBI noted in a joint cybersecurity advisory released Tuesday, Chinese hacking groups have exploited well-known vulnerabilities to breach everything from unpatched small office/home office (SOHO) routers to medium and even large enterprise networks. Once the devices were compromised, the threat actors used them as part of their attack infrastructure, as command-and-control servers and proxy systems from which to breach further networks.

The three federal agencies said the following Common Vulnerabilities and Exposures (CVEs) are the network device CVEs most frequently exploited by Chinese government-backed hackers since 2020.

“The PRC has been using certain techniques and widespread vulnerabilities since 2020 to use them to its advantage in cyber campaigns,” the NSA said.

These CVEs are:

| Vendor | CVE | Vulnerability Type |
|---|---|---|
| Cisco | CVE-2018-0171 | Remote Code Execution |
| Cisco | CVE-2019-15271 | Remote Code Execution |
| Cisco | CVE-2019-1652 | Remote Code Execution |
| Citrix | CVE-2019-19781 | Remote Code Execution |
| DrayTek | CVE-2020-8515 | Remote Code Execution |
| D-Link | CVE-2019-16920 | Remote Code Execution |
| Fortinet | CVE-2018-13382 | Authentication Bypass |
| MikroTik | CVE-2018-14847 | Authentication Bypass |
| Netgear | CVE-2017-6862 | Remote Code Execution |
| Pulse | CVE-2019-11510 | Authentication Bypass |
| Pulse | CVE-2021-22893 | Remote Code Execution |
| QNAP | CVE-2019-7192 | Privilege Escalation |
| QNAP | CVE-2019-7193 | Remote Injection |
| QNAP | CVE-2019-7194 | XML Routing Detour Attack |
| QNAP | CVE-2019-7195 | XML Routing Detour Attack |
| Zyxel | CVE-2020-29583 | Authentication Bypass |

The NSA, CISA, and FBI are also urging U.S. and allied governments, critical infrastructure, and private sector organizations to implement a list of mitigation measures to reduce the risk of similar attacks breaching their networks. The agencies advise organizations to apply security patches as soon as possible to reduce their attack surface. They recommend disabling unnecessary ports and protocols and replacing end-of-life network infrastructure that no longer receives security patches. They also recommend segmenting networks to prevent lateral movement attempts and enabling robust logging on internet-facing services to detect intrusion attempts as soon as possible.

