CISA, the NSA, and the FBI have released a joint advisory warning enterprises about the rise in cyber espionage activity by Chinese state-sponsored threat actors.
The primary target remains the telecommunications industry.
According to the advisory, the attacks are largely directed at telecommunications companies and are carried out by exploiting known vulnerabilities.
Since 2020, the attackers have been abusing a range of previously disclosed vulnerabilities on a regular basis.
The affected products include three Cisco devices, four QNAP devices, two Pulse Secure devices, and one device each from Citrix, D-Link, Fortinet, Netgear, MikroTik, and DrayTek.
To find devices affected by these vulnerabilities, the attackers use open-source scanning frameworks such as RouterSploit and RouterScan. Once a vulnerable device has been identified, the threat actors can gain access to victim accounts or public-facing applications.
Once inside a telecommunications company or network service provider, the actors identify key users, systems, and infrastructure in order to establish long-term persistence.
According to CISA, the compromised devices also serve as command-and-control (C2) servers and proxy systems that the threat actors use to infiltrate other networks.
Other noteworthy recent occurrences
Researchers have also highlighted the suspected involvement of Chinese threat actors in espionage campaigns beyond those targeting telecommunications companies.
In one case, Proofpoint found that a threat actor tracked as TA413 had used the Follina vulnerability to conduct attacks against the Tibetan community. The threat actors used the Central Tibetan Administration’s ‘Women Empowerment Desk’ as a lure to target the community.
Recently, a highly sophisticated Chinese APT known as LuoYu reappeared in the threat landscape, using a man-in-the-middle attack to deliver the WinDealer malware.
The malware was found on computers running Windows, Linux, and Mac OS X, as well as on Android smartphones.