Categories: Technology

Chinese hackers exploited years-old software flaws to break into telecom giants

[ad_1]

The campaign’s success is a dramatic illustration of the danger software flaws pose even years after they’re discovered and made public. Zero-day attacks—hacks exploiting previously unknown weaknesses—pack a punch and demand attention. But known flaws remain potent because networks and devices can be difficult to update and secure with limited resources, personnel, and money.

Rob Joyce, a senior National Security Agency official, explained that the advisory was meant to give  step-by-step instructions on finding and expelling the hackers. “To kick [the Chinese hackers] out, we must understand the tradecraft and detect them beyond just initial access,” he tweeted.

Joyce echoed the advisory, which directed telecom firms to enact basic cybersecurity practices like keeping key systems up-to-date, enabling multi-factor authentication, and reducing the exposure of internal networks to the internet.

According to the advisory, the Chinese espionage typically began with the hackers using open-source scanning tools like RouterSploit and RouterScan to survey the target networks and learn the makes, models, versions, and known vulnerabilities of the routers and networking devices. 

With that knowledge, the hackers were able to use old but unfixed vulnerabilities to access the network and, from there, break into the servers providing authentication and identification for targeted organizations. They stole usernames and passwords, reconfigured routers, and successfully exfiltrated and copied the targeted network’s traffic to their own machines. With these tactics, they were able to spy on virtually everything going on inside the organizations. 

The hackers then turned around and deleted log files on every machine they touched in an attempt to destroy evidence of the attack. US officials didn’t explain how they ultimately found out about the hacks despite the attackers’ attempts to cover their tracks.

The Americans also omitted details on which exact hacking groups they are accusing as well as the evidence they have that indicates the Chinese government is responsible.

The advisory is yet another alarm raised by the United States about China. FBI Deputy Director Paul Abbate said in a recent speech that China “conducts more cyber intrusions than all other nations in the world combined.” The Chinese government routinely denies they engage in any hacking campaigns against other countries. The Chinese embassy in Washington, DC did not respond to a request for comment.

[ad_2]
Source link
Admin

Recent Posts

Super Slot Games Review

Super slots provide the pinnacle of casino gaming with their interactive bonus rounds, captivating graphics,…

4 months ago

The Evolution and Impact of  Nanomedicine

Introduction to Nanomedicine Nanomedicine, a subfield of nanotechnology, involves the application of nanoscale materials and…

4 months ago

Chumba Online Casino Review

Chumba Casino provides an extraordinary online gaming experience. Its sweepstakes model allows players to win…

5 months ago

How to Find the Best Online Casinos to Play For Free

Online casinos provide quick, simple, and highly convenient gambling experiences for their players. Offering a…

5 months ago

How to Achieve a Flawless Complexion with the Right Products

Achieving a flawless complexion is a common skincare goal. With the right face care products, you can enhance…

5 months ago

Creating Ideal Matches: The Mutual Selection of Clients and Businesses

Shared values and goals, transparency, understanding each other's needs, communication, and respecting boundaries are vital…

5 months ago