Cyber attacks on telecoms: Cisco, Juniper, Fortinet gear targeted by Chinese hackers, US gov warns

Three US government agencies encouraged operators to patch their systems and take other security measures, saying that state-sponsored Chinese hackers have been targeting routers in their networks since 2020.

Cyber attacks on telecoms

Attackers have spent the last few years sniffing out and exploiting vulnerabilities in network devices such as small and home office routers and network-attached storage devices, according to a joint advisory issued by the National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), and Federal Bureau of Investigation (FBI). Among the most frequently targeted devices were Cisco, Citrix, Fortinet, and Netgear equipment.

The agencies also emphasized attacks on service provider infrastructure, adding that hackers have been using RouterSploit and RouterScan to zero in on known weaknesses, allowing them to gain access to a “telecommunications organization or network service provider” network. This is accomplished using Remote Authentication Dial-In User Service (RADIUS) servers, which provide attackers access to critical credentials. According to the agencies, malicious programs have targeted Cisco and Juniper routers.

“Armed with valid accounts and credentials from the compromised RADIUS server and router configurations, the cyber actors returned to the network, then successfully authenticated and executed router commands to surreptitiously route, capture, and exfiltrate traffic out of the network to actor-controlled infrastructure,” according to the warning.

Cisco and Netgear have already published software updates:

Cisco and Netgear, according to the warning, have already published software updates for the majority of the identified vulnerabilities.

The authorities recommended that operators take numerous precautions to minimize such threats, in addition to applying existing patches and system upgrades. These include removing or isolating suspected compromised devices as soon as possible; segmenting the network to limit or prevent lateral movement; disabling unused or unnecessary network services, ports, protocols, and devices; and requiring multifactor authentication for all users, including those using VPN connections.

A Cisco representative told Fierce it “is aware of the CISA alert and also recommends the best practices and mitigations provided. For the CVEs associated with Cisco products, Cisco has released free software updates to address the described vulnerabilities and published security advisories to inform our customers and explain the remediation steps.” Juniper did not immediately respond to a request for comment.
