Chinese State-backed Actors Hack Telecom Firms to Steal Data

An advisory recently published by multiple US federal agencies shows that Chinese state-backed cybercriminals have attacked and impacted important telecommunications organizations and network service providers in order to snatch credentials and collect sensitive data.

This joint cybersecurity advisory was coauthored by the National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI). According to it, Chinese cybercrime organizations have continued to abuse publicly known flaws to compromise anything from unsecured small office/home office (SOHO) routers to medium and even big enterprise networks.

Once the devices were compromised, the attackers used them as command-and-control servers and proxy systems to break into other networks as part of their own attack infrastructure.

Upon gaining an initial foothold into a telecommunications organization or network service provider, PRC state-sponsored cyber actors have identified critical users and infrastructure including systems critical to maintaining the security of authentication, authorization, and accounting.


Following the discovery of a critical Remote Authentication Dial-In User Service (RADIUS) server, malicious actors obtained access to the underlying SQL database and used SQL commands to dump the credentials, which included both cleartext and hashed passwords for user and administrative accounts.


Armed with valid

Read More: