China-sponsored cybercriminals are hacking network providers and devices to spy on users

Tudor Cibean

Posts: 172   +11
In brief: Chinese state-backed hackers are reportedly using unpatched consumer routers and network-attached storage (NAS) devices to gain access to the infrastructure of major telecommunications companies. The traffic on those systems is then captured and sent to Chinese servers. The US agencies issuing the alert didn't name any victims.

According to a new alert, Chinese state-sponsored hackers are exploiting known security vulnerabilities in unpatched network devices to establish a broad network of compromised infrastructure.

The joint advisory was issued by the Cybersecurity and Infrastructure Security Agency (CISA), the NSA, and the FBI.

Some of the affected devices include consumer routers made by Cisco, D-Link, and Netgear and NAS devices made by QNAP. These serve as access points to route command and control (C2) traffic and act as midpoints to compromise other entities, such as telecommunications companies and network service providers.

After infiltrating these telco networks, the cybercriminals execute router commands to route, capture, and exfiltrate traffic to their own servers. At the same time, they monitor network defenders' accounts and actions and modify their ongoing attacks to remain undetected.

The cyber actors reportedly use open-source tools, like RouterScan and RouterSploit, to scan for vulnerabilities. They conduct their intrusions through compromised servers called hop points, which typically have China-based IP addresses resolving to different Chinese ISPs.

The agencies claim that hackers lease remote access to the servers directly or indirectly from hosting providers and then use them to register and access operational email accounts, host C2 domains, and interact with victim networks. The hop points are also used as an obfuscation technique.

In related news, the FBI issued an alert last month warning US universities that their VPN credentials are being sold on Russian cybercriminal forums.

Permalink to story.


Uncle Al

Posts: 9,363   +8,581
Yeah, disconnecting China, Russia, North Korea and a few more choice candidates will go a long way in slowing down all this cra* ......


Posts: 1,349   +2,026
Explain to me how you go from an "unpatched consumer router" (soft target) to the "infrastructure of major telecommunications companies" (should be a hardened target that never trusted the consumer routers that connect to it in the first place?)

Avro Arrow

Posts: 3,368   +4,377
I wonder how much of this is true and how much of it is lies. I stopped taking what the US government says at face value more than a decade ago. For all we know, this has as much truth to it as the "Weapons of Mass Destruction in Iraq" that never existed but were used as a pretense for war.

Little releases like this, with ZERO specifics, are just done to rile up the uninformed masses so that they'll support military action.

It's called propaganda and man, it works like a charm, eh? :laughing: