Chinese hackers exploit age-old software bugs to break into telecom giants

The campaign’s success is an impressive illustration of the dangers of malicious software vulnerabilities even years after they were discovered and made public. Zero-day attacks—Vulnerabilities that exploit previously unknown weaknesses — strike a punch and demand attention. But known vulnerabilities remain hidden because networks and devices can be difficult to update and secure with limited resources, personnel, and money.

Rob Joyce, a senior official with the National Security Agency, explains that the advice is meant to provide step-by-step instructions on how to find and expel hackers. “Rock [the Chinese hackers] In addition, we must understand the techniques and detect them beyond the initial access, “he tweeted.

Joyce reiterated the advice, which directs telcos to enact basic cybersecurity practices such as keeping key systems up to date, enabling multi-factor authentication and reducing user exposure. intranets with the internet.

According to the advice, Chinese espionage often begins with hackers using open source scanning tools like RouterSploit and RouterScan to survey target networks and learn their make, model, version and known vulnerabilities of routers and network devices.

With that knowledge, hackers were able to use old but unresolved vulnerabilities to gain access to networks and, from there, break into servers that provide authentication and identity to organizations. targeted. They stole usernames and passwords, reconfigured the router, and successfully extracted the targeted network’s traffic and copied it to their machines. With these tactics, they can keep an eye on virtually everything that’s going on inside organizations.

The hackers then went back and deleted log files on every computer they touched in an attempt to destroy evidence of the attack. US officials did not explain how they discovered the attacks despite the attackers’ efforts to hide their tracks.

The Americans also omitted details about exactly which hacking group they are alleging, as well as the evidence they have that the Chinese government is responsible.

This advice is another warning the United States has issued about China. FBI Deputy Director Paul Abbate said in a recent speech that China “performs more cyber intrusions than all the other countries in the world combined.” The Chinese government regularly denies it participates in any offensive campaign against other countries. The Chinese embassy in Washington, D.C., did not respond to a request for comment.

Source link


News5s: Update the world's latest breaking news online of the day, breaking news, politics, society today, international mainstream news .Updated news 24/7: Entertainment, the World everyday world. Hot news, images, video clips that are updated quickly and reliably

Related Articles

Back to top button