NEW DELHI: Cyber security and intelligence agencies have issued a fresh warning about China-sponsored hackers attacking telecom and private sector companies.
The attackers are also deliberately removing their logs from affected systems, leaving behind no clue about their activity or interference with a system, according to the advisory.
The advisory has been issued jointly by the National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) recently.
The agencies also highlighted how these cyber actors have been increasingly exploiting network vulnerabilities to access public and private sector companies’ data since 2020.
“The long-spread intrusion campaigns are planning to exploit the publicly identified security flaws in network devices like small office/home office (SOHO) routers along with Network Attached Storage (NAS) devices. They want to get deeper access and target the users in the network,” the warning stated.
“Also, the attackers utilize the compromised devices as route command-and-control, also known as C2, which will break inside other targets at scale in the US,” it noted.
Another feature common to these cyber attackers, as pointed out in the warning, is that the perpetrators shift their techniques in response to public disclosures.
The attackers also lean towards a combination of open-source and custom tools for performing reconnaissance and vulnerability scanning, so that their activity blends in with normal traffic.
“The attacks themselves are facilitated by accessing compromised servers, which the agencies titled hop points; they are from China-based IP addresses, and the actors use them to host the C2 domains and email accounts and for communicating with the target networks,” according to the warning.
The agencies warned that the cyber actors use the hop points as an obfuscation technique while interacting with victim networks, and found a detailed adversarial pattern of weaponizing flaws in the organizations’ telecommunication systems and network service providers.
“After successfully gaining a foothold inside the network with the help of unpatched internet-facing assets, the actors will be able to view the credentials of user and administrative accounts,” the warning stated about the modus operandi of the China-based attackers.
“It is followed by running router commands to surreptitiously route, capture, and exfiltrate the traffic working out of the network range towards the actor-controlled infrastructure,” the advisory showed.
More significantly, the US intelligence agencies noted that the cyber attackers modify or delete local log files to remove the evidence of their activity, which helps them keep their presence on the system hidden and avoid detection.
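The point about local log deletion is why defenders forward device logs to a central collector as they are written: an entry wiped from the router can still be compared against the copy the collector already holds, and a device that normally logs every few minutes but then goes quiet for hours is itself a signal. The script below is an added example written for this article, not code from the advisory or from the agencies; the hostname, addresses, timestamps and log format are constructed for the demonstration, and the two-hour silence threshold is an arbitrary tuning value.

```python
import re
from datetime import datetime, timedelta

# Minimal syslog-style line: ISO timestamp, host, free-text message (constructed format)
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})\s+(?P<host>\S+)\s+(?P<msg>.*)$"
)

# Constructed sample: what a central collector received from a router's auth log.
# Hostname, addresses and times are made up for this example.
COLLECTOR_LOG = """\
2022-06-07T01:00:05 edge-rtr-1 sshd: accepted login for admin from 10.0.0.5
2022-06-07T01:15:12 edge-rtr-1 cron: periodic config backup complete
2022-06-07T01:30:09 edge-rtr-1 sshd: accepted login for admin from 10.0.0.5
2022-06-07T03:10:22 edge-rtr-1 sshd: accepted login for admin from 203.0.113.77
2022-06-07T04:45:41 edge-rtr-1 sshd: accepted login for admin from 10.0.0.5
2022-06-07T05:00:03 edge-rtr-1 cron: periodic config backup complete
"""

# Constructed sample: the same file as later read back from the router, one entry gone.
LOCAL_LOG = """\
2022-06-07T01:00:05 edge-rtr-1 sshd: accepted login for admin from 10.0.0.5
2022-06-07T01:15:12 edge-rtr-1 cron: periodic config backup complete
2022-06-07T01:30:09 edge-rtr-1 sshd: accepted login for admin from 10.0.0.5
2022-06-07T04:45:41 edge-rtr-1 sshd: accepted login for admin from 10.0.0.5
2022-06-07T05:00:03 edge-rtr-1 cron: periodic config backup complete
"""


def parse_log(text):
    """Parse lines into (timestamp, host, message) tuples; unparseable lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append((datetime.fromisoformat(m["ts"]), m["host"], m["msg"]))
    return events


def find_gaps(events, max_gap=timedelta(hours=2)):
    """Return (host, start, end, length) for every silent stretch longer than max_gap.

    A heuristic only: a device that logs every few minutes and then produces nothing
    for hours may have had entries removed, or may simply have been idle or offline.
    """
    gaps = []
    for (t0, host, _), (t1, _, _) in zip(events, events[1:]):
        if t1 - t0 > max_gap:
            gaps.append((host, t0, t1, t1 - t0))
    return gaps


def missing_locally(local_text, collector_text):
    """Lines the collector holds that no longer appear in the device's local copy."""
    local = set(local_text.splitlines())
    return [line for line in collector_text.splitlines() if line and line not in local]


if __name__ == "__main__":
    for host, start, end, length in find_gaps(parse_log(LOCAL_LOG)):
        print(f"{host}: no log entries between {start} and {end} ({length})")
    for line in missing_locally(LOCAL_LOG, COLLECTOR_LOG):
        print("present at collector, absent on device:", line)
```

Run against the constructed data, the gap check flags the three-hour silence in the tampered local copy while the collector's copy shows none, and the line-by-line comparison recovers the single deleted entry. In practice the comparison would be keyed on a collector that receives logs over the network in near real time, since anything that only reaches the collector in batches can be edited on the device before it is shipped.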
The agencies did not attribute the activity to a particular threat actor, but noted that the findings reflect the behaviour of Chinese state-sponsored groups, according to the warning.
The serious warning came after cyber security authorities in the US listed the most routinely exploited initial access vectors for breaching targets, which include misconfigured servers, weak password controls, unpatched software and failures in blocking phishing attacks.
“Entities can mitigate the vulnerabilities identified in this alert by installing available fixes to their systems, replacing end-of-life infrastructure, and adopting a centralised patch management programme,” the warning stated.