U.S. Agencies Warn That Chinese Hackers are Targeting Telecoms and Network Service Providers

Chinese state-sponsored cyber actors have been regularly breaching critical infrastructure across the U.S., according to a warning posted by CISA (the Cybersecurity and Infrastructure Security Agency).

Working with the FBI and the NSA, the agency identified a string of cyber attacks that compromised “major telecommunication companies” and network service providers. The incidents date back to 2020 and involve routine exploitation of known, publicly disclosed vulnerabilities rather than novel techniques.

“Exploiting these vulnerabilities has allowed them to establish broad infrastructure networks to exploit a wide range of public and private sector targets,” the advisory states.

No specific threat actors were named, but the attacks are reportedly linked to hacking groups supported by the Chinese government.

The agencies warn that these groups have a history of aggressively targeting critical infrastructure providers to steal sensitive information, intellectual property, and new technologies.

How are these attacks occurring?

Essential services such as telecoms and energy are an obvious target for attackers, given the widespread disruption that can be caused. The most notable recent example is the ransomware attack against Colonial Pipeline in May 2021, which caused days of fuel shortages along the East Coast.

The pipeline operator shut down operations in response to the attack, resulting in gas stations running low on fuel. News stories emerged that people across the East Coast were hoarding whatever gas they could get, often in buckets, plastic bags and other unsafe receptacles.

Instances like this demonstrate why critical infrastructure providers must be particularly vigilant when it comes to cybersecurity.

It’s not just the provider’s own business that’s affected by an attack, and the threat isn’t only to the security and privacy of data subjects. An intrusion can also cut off services that people depend on in their day-to-day lives.

Disruption to telecommunication providers can result in outages that affect people’s ability to speak to one another. With many people working remotely, this can cause major problems for productivity, as well as affecting their personal lives.

The attackers reportedly broke in using open-source tools to exploit known vulnerabilities in network devices made by vendors such as Cisco, Fortinet and MikroTik, the kind of equipment that sits at the network edge and is often left unpatched.

However, it’s not just telecommunications and network service providers that need to be concerned. Rob Joyce, the NSA’s director of cybersecurity, noted that these organizations are often compromised as a first step in a broader campaign against other targets.

Once inside, the attackers used the compromised devices as a foothold to scan further IP address ranges for vulnerable systems and to launch attacks against other organizations.

“To kick them out, we must understand the tradecraft and detect them beyond just initial access,” Joyce tweeted.

In their advisory, the FBI, NSA and CISA recommended several mitigations against these attacks. They include applying patches and updates promptly, particularly on internet-facing network devices; disabling unnecessary ports, protocols and services; and replacing outdated or end-of-life infrastructure that no longer receives security fixes.

Addressing the essentials of cybersecurity

The tips outlined in the agencies’ advisory are basic steps that every organization should address. You can find support on how to perform these functions with Cyber Essentials, a scheme designed by the UK’s NCSC (National Cyber Security Centre) to bolster organizations’ core cybersecurity practices.

Cyber Essentials specifies five basic technical controls that, when implemented correctly, the NCSC estimates will guard against around 80% of common cyber attacks.

Its controls are:

  1. Firewalls, which create a buffer zone between the organization’s IT network and external networks such as the internet, blocking inbound connections that are not explicitly allowed.
  2. Software updates, which ensure that patches are applied promptly (Cyber Essentials requires updates fixing critical- or high-rated vulnerabilities to be applied within 14 days of release). This closes vulnerabilities before cyber criminals can exploit them.
  3. Anti-malware software, which identifies and blocks malicious programs on your systems.
  4. Access controls, which ensure that only authorized users can access sensitive information and applications, and that administrative privileges are limited to those who need them.
  5. Secure configuration, which removes default accounts and passwords, unneeded software and unused services, so that devices and software run only what they need.
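The agencies’ mitigations (patch promptly, disable unnecessary ports and protocols) and the Cyber Essentials controls for software updates and secure configuration both come down to the same two checks an administrator can script. The following is an added example, not code from the advisory, CISA or IT Governance. It parses the listening sockets a Linux host reports via `ss -tulnH`, flags any off-box-reachable socket that is not on an allowlist, and flags pending security updates that have exceeded the 14-day window Cyber Essentials allows for critical/high fixes. The `ss` output, the allowlist, the package names and the dates are all constructed for the example; the `RISKY_PORT_NAMES` table and the `PendingUpdate` record are assumptions made here for illustration.

```python
"""Audit a host against two basic controls: exposed services and patch lag."""
from dataclasses import dataclass
from datetime import date

# Constructed sample of `ss -tulnH` output (Linux): protocol, state, queues,
# local address:port, peer address:port. Not captured from a real host.
SAMPLE_SS_OUTPUT = """\
tcp   LISTEN 0      128        0.0.0.0:22        0.0.0.0:*
tcp   LISTEN 0      128        0.0.0.0:23        0.0.0.0:*
tcp   LISTEN 0      128      127.0.0.1:3306      0.0.0.0:*
tcp   LISTEN 0      511        0.0.0.0:443       0.0.0.0:*
udp   UNCONN 0      0          0.0.0.0:161       0.0.0.0:*
udp   UNCONN 0      0          0.0.0.0:123       0.0.0.0:*
tcp   LISTEN 0      128           [::]:22           [::]:*
"""

# Services this host is expected to expose; everything else is a finding.
ALLOWLIST = {("tcp", 22), ("tcp", 443), ("udp", 123)}

# Names for a few legacy/cleartext services, so findings read clearly.
# Illustrative table, not a complete list.
RISKY_PORT_NAMES = {21: "ftp", 23: "telnet", 69: "tftp", 161: "snmp",
                    445: "smb", 3389: "rdp"}


def parse_listeners(ss_output: str):
    """Yield (proto, bind_address, port) for each `ss -tulnH` line."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue  # blank or truncated line
        proto = fields[0]
        # rsplit on the last ':' so IPv6 forms like "[::]:22" parse correctly
        addr, port = fields[4].rsplit(":", 1)
        yield proto, addr, int(port)


def is_loopback(addr: str) -> bool:
    """Sockets bound only to loopback are not reachable from the network."""
    return addr.startswith("127.") or addr in ("[::1]", "localhost")


def unexpected_services(ss_output: str, allowlist):
    """Return sorted (proto, port, name) for network-reachable sockets not on the allowlist."""
    findings = set()
    for proto, addr, port in parse_listeners(ss_output):
        if is_loopback(addr):
            continue  # local-only; not part of the external attack surface
        if (proto, port) not in allowlist:
            findings.add((proto, port, RISKY_PORT_NAMES.get(port, "unknown")))
    return sorted(findings)


@dataclass(frozen=True)
class PendingUpdate:
    """A security update that is available but not yet installed (assumed record shape)."""
    package: str
    severity: str   # vendor rating: "critical", "high", "medium" or "low"
    released: date


def overdue_updates(pending, today: date, max_days: int = 14):
    """Return package names whose critical/high fix has waited longer than max_days."""
    return sorted(u.package for u in pending
                  if u.severity in ("critical", "high")
                  and (today - u.released).days > max_days)


# Constructed sample: three pending updates as of 8 June 2022.
SAMPLE_PENDING = [
    PendingUpdate("kernel", "high", date(2022, 5, 10)),      # 29 days old: overdue
    PendingUpdate("openssl", "critical", date(2022, 6, 1)),  # 7 days old: still in window
    PendingUpdate("curl", "medium", date(2022, 4, 1)),       # medium: outside the 14-day rule
]

if __name__ == "__main__":
    for proto, port, name in unexpected_services(SAMPLE_SS_OUTPUT, ALLOWLIST):
        print(f"FINDING: {proto}/{port} ({name}) is exposed but not on the allowlist")
    for pkg in overdue_updates(SAMPLE_PENDING, date(2022, 6, 8)):
        print(f"FINDING: {pkg} has a critical/high update older than 14 days")
```

Run on the constructed input, the script reports telnet (tcp/23) and SNMP (udp/161) as unexpected exposure, while the MySQL socket on 127.0.0.1 is ignored because it is not reachable from the network, and it reports `kernel` as the one overdue update. On a real host, replace `SAMPLE_SS_OUTPUT` with the output of `ss -tulnH` and feed `PendingUpdate` records from your package manager’s list of available security updates.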

IT Governance is a CREST-accredited Cyber Essentials certification body, and we offer a range of services to help organizations achieve certification.

Speak to one of our experts today to find out how Cyber Essentials can help you.