US officials warned on Tuesday that hackers working for the Chinese state could exploit known software flaws in routers to break into the systems of major telecoms companies around the world and monitor network traffic.
The officials did not provide details of the companies affected by the attack, but did draw attention to 16 known and serious security holes in the devices of ten manufacturers. The manufacturers include Cisco, Citrix, DrayTek, D-Link, Fortinet, Netgear, MikroTik, Pulse, Qnap, and Zyxel. Huawei's routers are missing from the list; their use has already been banned in the United States and several European Union countries.
"These tools are often neglected by cyber security professionals, who struggle to keep your online endpoint software up to date," the FBI, the National Security Agency and the US cybersecurity agency CISA said in a joint advisory.
Attackers use open source hardware to scan for vulnerable devices and then use the RADIUS protocol to attack known security flaws in routers. The compromised routers redirect traffic to the attackers' own devices, where the attackers process it, filtering information and gaining access to corporate networks and NAS drives.
The advisory also includes the usual recommendations: replacing outdated routers, removing unused services, protocols, and ports, enforcing multi-factor user authentication, and isolating suspect devices. The document is available as a PDF.
The Chinese state, for its part, denies having anything to do with the hackers. In a speech in April, however, FBI Deputy Director Paul Abbate noted that Chinese hackers do more hacking than the rest of the world combined. Given the deep intertwining of the US and Chinese economies, taking action against Chinese state hackers is more difficult than taking action against the Russians. The cybersecurity situation has been a source of diplomatic tension between the two countries since last September.