Chinese hackers can breach routers and steal passwords, FBI and NSA warn



China is sponsoring cyber attacks targeting major telecommunication and network service providers in the United States, federal agencies claim.

A new report from the NSA, CISA, and the FBI has claimed that public and private sector organisations are being exploited via routers and Network Attached Storage (NAS) devices.

Hackers are using vulnerabilities that are already well known in software but have not yet been fixed, rather than using an unknown exploit.

“Over the last few years, a series of high-severity vulnerabilities for network devices provided cyber actors with the ability to regularly exploit and gain access to vulnerable infrastructure devices”, the report states.

“In addition, these devices are often overlooked by cyber defenders, who struggle to maintain and keep pace with routine software patching of Internet-facing services and endpoint devices.”

The techniques used by the hackers allow them to gain access to victims’ accounts using publicly available code, without using their own distinctive or identifying malware, as long as the hackers implemented their exploit before the victims’ organisations updated their systems.

Hackers are evolving and adapting their tactics in order to bypass defences, with the agencies claiming they have observed state-sponsored actors modifying infrastructure and toolsets. The attacks can steal credentials to databases, and then move user and admin credentials from Remote Authentication Dial-In User Service (RADIUS) servers.

“Armed with valid accounts and credentials from the compromised RADIUS server and the router configurations, the cyber actors returned to the network and used their access and knowledge to successfully authenticate and execute router commands to surreptitiously route, capture, and exfiltrate traffic out of the network to actor-controlled infrastructure,” the federal agencies state.

The agencies also recommend that the United States government and private industries apply security patches, disable unnecessary ports, and replace infrastructure that no longer receives security updates.

“PRC sponsored actors are using access to telcos and ISPs to scale their targeting”, NSA director of cybersecurity Rob Joyce tweeted. “To kick them out, we must understand the tradecraft and detect them beyond just initial access.”

The Chinese Embassy in London did not respond to a request for comment from The Independent before time of publication.

Earlier this year, Chinese hackers reportedly attempted to attack India’s power grid; a US security firm claimed that the attackers targeted seven Indian state centres for electrical dispatch and grid control.

China’s Foreign Ministry spokesman Zhao Lijian said the report had been “noted” by Beijing, but that China “firmly opposes and combats any form of cyber attacks, and will not encourage, support or condone any cyber attacks.”


