China-Sponsored Cyberattackers Target Networking Gear to Build Widespread Attack Infrastructure

Published: 23/11/2024   Category: security




Compromised routers, VPNs, and NAS devices from Cisco, Citrix, Pulse, Zyxel, and others are all being used as part of an extensive cyber espionage campaign.



State-sponsored cyberattackers affiliated with China are actively building out a large network of attack infrastructure by compromising targets in the public and private spheres.
According to a joint alert from Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the FBI, the attackers are targeting major telecom companies and network service providers with a set of exploits for known vulnerabilities in a variety of routers, VPNs, and other networking gear, as well as network-attached storage (NAS) devices.
The network devices are then being used as additional access points to route command-and-control (C2) traffic and act as midpoints to carry out network intrusions on other entities, according to the alert — all bent on stealing sensitive information.
The cyberattackers typically conduct their intrusions by accessing compromised servers called hop points from numerous China-based IP addresses resolving to different Chinese ISPs, the Feds noted. "The cyber-actors typically obtain the use of servers by leasing remote access directly or indirectly from hosting providers. They use these servers to register and access operational email accounts, host C2 domains, and interact with victim networks. Cyber-actors [also] use these hop points as an obfuscation technique when interacting with victim networks."
On the obfuscation front, CISA said it has observed the groups monitoring network defenders' accounts and actions, and modifying their ongoing campaign as needed to remain undetected.
The groups also often mix their customized toolset with publicly available tools, especially by leveraging tools that are native to the network environment, to obscure their activity by blending into the noise or normal activity of a network.
To avoid compromise, users should apply available patches, disable unnecessary ports and protocols, and replace end-of-life infrastructure, the agencies noted.
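The "midpoint" behaviour the alert describes (a compromised router or VPN gateway taking an inbound connection from an unfamiliar external host and then opening its own connections into the internal network) is something defenders can hunt for in flow or firewall logs, because edge appliances normally initiate very few connections of their own (syslog, NTP, vendor updates). The script below is an added illustration written for this article, not code from the advisory or from any of the named vendors. The device inventory, the allow-list of expected appliance destinations, the log line format and the flow records are all constructed for the example.

```python
"""Hunt for edge appliances acting as relays (added example, constructed data)."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Hypothetical inventory: management addresses of edge devices we own.
NETWORK_DEVICES = {"10.0.0.1": "edge-router-1", "10.0.0.2": "vpn-gw-1"}
INTERNAL_NETS = [ip_network("10.0.0.0/8")]
# Hypothetical allow-list of connections an appliance is expected to open itself
# (syslog collector on 514, NTP server on 123).
EXPECTED_OUTBOUND = {("10.0.5.5", 514), ("10.0.5.6", 123)}

# Constructed flow log: "<iso-timestamp> <src> -> <dst>:<dport>", one flow per line.
SAMPLE_LOG = """\
2024-11-20T10:00:00 10.0.0.1 -> 10.0.5.5:514
2024-11-20T10:00:05 10.0.0.1 -> 10.0.5.6:123
2024-11-20T10:01:00 198.51.100.23 -> 10.0.0.2:443
2024-11-20T10:02:10 10.0.0.2 -> 10.0.20.15:445
2024-11-20T10:03:00 10.0.0.1 -> 203.0.113.7:443
2024-11-20T10:30:00 10.0.50.8 -> 10.0.0.1:22
"""


@dataclass(frozen=True)
class Flow:
    ts: datetime
    src: str
    dst: str
    dport: int


def parse_flow(line: str) -> Flow:
    """Parse one constructed log line into a Flow record."""
    ts, src, _arrow, dst_port = line.split()
    dst, port = dst_port.rsplit(":", 1)
    return Flow(datetime.fromisoformat(ts), src, dst, int(port))


def load_flows(text: str) -> list:
    return sorted((parse_flow(l) for l in text.splitlines() if l.strip()),
                  key=lambda f: f.ts)


def is_internal(ip: str) -> bool:
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def unexpected_outbound(flows: list) -> list:
    """Connections an appliance initiated that are not on its allow-list.
    Edge devices rarely originate traffic, so each hit deserves a look."""
    return [f for f in flows
            if f.src in NETWORK_DEVICES and (f.dst, f.dport) not in EXPECTED_OUTBOUND]


def relay_candidates(flows: list, window: timedelta = timedelta(minutes=5)) -> list:
    """Inbound from an external host to an appliance, followed within `window`
    by that same appliance opening an unexpected connection to an internal host.
    This is a triage heuristic: a VPN gateway legitimately accepts external
    sessions, so only the appliance-initiated follow-on connection is flagged."""
    findings = []
    for i, inbound in enumerate(flows):
        if inbound.dst not in NETWORK_DEVICES or is_internal(inbound.src):
            continue
        for later in flows[i + 1:]:
            if later.ts - inbound.ts > window:
                break
            if (later.src == inbound.dst and is_internal(later.dst)
                    and (later.dst, later.dport) not in EXPECTED_OUTBOUND):
                findings.append((NETWORK_DEVICES[inbound.dst], inbound.src,
                                 later.dst, later.dport))
    return findings


def analyze(text: str) -> dict:
    flows = load_flows(text)
    return {"unexpected_outbound": unexpected_outbound(flows),
            "relay_candidates": relay_candidates(flows)}


if __name__ == "__main__":
    for kind, hits in analyze(SAMPLE_LOG).items():
        print(kind)
        for hit in hits:
            print("  ", hit)
```

On the constructed log this flags the router reaching out to an external address on 443 and the VPN gateway opening SMB to an internal host two minutes after an unfamiliar external address connected to it. In a real deployment the allow-list should come from the device's documented management dependencies, and the inventory from the asset database, so that a legitimate change (a new syslog collector, say) is reflected before it generates noise.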
