The Cybersecurity and Infrastructure Security Agency, the National Security Agency and the FBI have released a joint advisory saying major telecommunications companies and network service providers have been targeted by Chinese state-backed cyberthreat actors using publicly known vulnerabilities since 2020.
Hackers are exploiting common vulnerabilities and exposures to compromise network devices, such as network-attached storage devices and small office/home office routers, and gain access to victims’ accounts, NSA said Tuesday.
The three agencies listed the top network device CVEs that Chinese state-sponsored threat actors exploit, including vulnerabilities that allow remote code execution, privilege elevation and authentication bypass to compromise networks.
According to the advisory, threat actors carry out their intrusions by accessing hop points or compromised servers from several China-based internet protocol addresses resolving to various internet service providers in China.
These hackers “typically obtain the use of servers by leasing remote access directly or indirectly from hosting providers,” the advisory reads.
Some of the mitigation measures outlined in the advisory are keeping systems patched and updated as soon as possible; removing suspected compromised devices from the network; segmenting networks to block lateral movement; enforcing multifactor authentication; disabling external management capabilities; and performing regular data backup procedures.