Chinese government-backed hackers have attacked major telecom businesses throughout the world in a cyber-espionage effort that has lasted at least two years and has successfully compromised at least 13 telecommunications groups.
In a recent advisory, the FBI, NSA and CISA stated that hackers linked to the People’s Republic of China (PRC) had targeted and hacked major telecommunications businesses by exploiting simple and well-known network and system vulnerabilities.
According to the advisory, the intrusions typically begin with reconnaissance: the actors survey target networks and identify the manufacturer, model, software version and known vulnerabilities of routers and other network devices using open-source scanning tools such as RouterSploit and RouterScan. The Chinese government consistently denies allegations of hacking.
The heads of the FBI and Britain’s domestic security service have just issued sharply worded warnings to business leaders about the threats posed by Chinese espionage, especially spying aimed at stealing Western technology companies’ intellectual property.
In a rare joint appearance on Wednesday, July 6, at MI5 headquarters in London, Christopher Wray, director of the Federal Bureau of Investigation (FBI), and Ken McCallum, director-general of MI5, urged executives not to underestimate the scale and sophistication of Beijing’s campaign.
“The Chinese government is set on stealing your technology—whatever it is that makes your industry tick—and using it to undercut your business and dominate your market,” Mr. Wray told the audience of business people.
“They’re set on using every tool at their disposal to do it.” China uses state-sponsored hacking on a large scale, along with a global network of intelligence operatives in its quest to gain access to technology it considers important, Messrs. Wray and McCallum said.
“The Chinese government poses an even more serious threat to Western businesses than even many sophisticated business people realize,” Mr. Wray added.
“We want to send the clearest signal we can on a massive shared challenge—China,” Mr. Wray said in his appearance with his U.K. counterpart. Tackling the threat is essential, he said, “if we are to protect our economies, our institutions and our democratic values.”
“The most game-changing challenge we face comes from the Chinese Communist Party,” Mr. McCallum said. “It’s covertly applying pressure across the globe. This might feel abstract, but it is real and it is pressing.”
China is engaged in “a coordinated campaign on a grand scale” that represents “a strategic contest across decades,” Mr. McCallum said. “We need to act.”
While American law enforcement and intelligence officials have been warning about the problem for years, it is a far more recent phenomenon for British security officials, who until last year made few public comments about the Chinese threat.
MI5 is running seven times more investigations involving Chinese espionage than it did in 2018, and plans to double the current number in the coming years, Mr. McCallum said.
The advisory from the American agencies did not name the victims of the hacking, nor did it specify the extent of the damage. It did, however, list the specific types of networking equipment, such as routers and switches, that the Chinese actors are believed to target routinely, exploiting serious, well-known flaws that effectively gave the attackers full control over the affected devices.
Cisco, Citrix, Fortinet and Netgear devices were among the most frequently targeted. According to the advisory, the vendors have already published software updates for the majority of the identified vulnerabilities. Beyond applying available patches and upgrades, the agencies recommended that operators take several further steps to reduce their exposure: remove or isolate suspected compromised devices as soon as possible; segment the network to limit or prevent lateral movement; disable unused or unnecessary network services, ports, protocols and devices; and require multi-factor authentication for all users, including those connecting over a VPN.
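As an added illustration, not taken from the advisory or from this article, the following Cisco IOS configuration fragment shows how three of those recommendations (disabling unnecessary services, restricting management access, and delegating logins to an AAA backend that enforces multi-factor authentication) look on a router. The weak settings that the hardened block replaces are shown first as comments. The hostname, management subnet 10.0.100.0/24, ACL name, TACACS+ server address and shared secret are all placeholders.

```cisco
! --- Weak configuration (shown as comments): an edge router left at defaults ---
! ip http server                       ! web management reachable from any interface
! line vty 0 4
!  transport input telnet ssh          ! cleartext Telnet still accepted
!  password cisco                      ! one shared password, no per-user accounts, no MFA
!  login
!
! --- Hardened configuration ---
hostname edge-rtr-01                   ! hypothetical hostname
!
! Disable unused or unnecessary services (one of the advisory's recommendations)
no ip http server
no ip http secure-server
no cdp run
no service tcp-small-servers
no service udp-small-servers
no service pad
no ip bootp server
no ip finger
no ip source-route
service password-encryption
!
! Restrict management-plane access to the (assumed) management subnet 10.0.100.0/24
ip access-list standard MGMT-HOSTS
 permit 10.0.100.0 0.0.0.255
 deny   any log
!
! Delegate login to a TACACS+ server; the AAA backend is where MFA is enforced for
! every administrator, so no shared device password exists to be stolen.
! (server name, address and key are placeholders)
aaa new-model
tacacs server TACACS-01
 address ipv4 10.0.100.10
 key <shared-secret>
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ local
aaa accounting exec default start-stop group tacacs+
!
! SSHv2 only, management ACL applied, idle sessions closed, brute force throttled
ip ssh version 2
login block-for 120 attempts 3 within 60
line vty 0 4
 transport input ssh
 access-class MGMT-HOSTS in
 exec-timeout 10 0
 login authentication default
```

Two caveats a practitioner would want. First, IOS itself does not perform multi-factor authentication; the `local` fallback in the `aaa authentication` line only applies if the TACACS+ servers are unreachable, so a local emergency account (`username … privilege 15 secret …`) still has to exist and be tightly controlled, and the second factor is enforced by the TACACS+ server. Second, `ip ssh version 2` assumes an RSA host key has already been generated (`crypto key generate rsa`), and network segmentation, the advisory's other main recommendation, is a matter of topology and inter-VLAN filtering that a single device configuration cannot show.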
For intelligence organizations, telecommunications companies are particularly valuable targets. These providers build and operate much of the Internet’s infrastructure, as well as numerous private networks around the world, and successfully compromising their networks can open the door to a far larger universe of surveillance opportunities.