Firms warned about cyberespionage attacks by Chinese actors

June 13, 2022

Chinese-based cybercriminals are currently targeting organisations with cyberespionage attacks, according to a warning issued by several federal law enforcement agencies.

CISA, NSA, and FBI recently released a joint advisory on the rising rate of attacks by Chinese threat groups against several sectors worldwide, with the telecommunications industry the most heavily targeted.


According to the released advisory, numerous Chinese threat groups have exploited existing vulnerabilities since 2020 to hit firms with cyberespionage attacks.


The critical vulnerabilities the attackers abuse affect Cisco, QNAP, Pulse Secure, Citrix, D-Link, Fortinet, Netgear, DrayTek, and MikroTik devices. Moreover, the threat operators have been seen using software frameworks such as RouterScan and RouterSploit to scan the compromised devices.

Upon finding a vulnerable device, the attackers begin the intrusion and gain initial access through the victims’ accounts or public-facing applications.

After gaining access to the devices, especially those of the targeted telecommunication firms, the attackers search for the assets most valuable to the attack, such as critical users and system infrastructure, in order to maintain persistence inside the network. These compromised devices also serve as the attackers’ command-and-control servers and proxy environment, from which they breach further servers and networks.

The Chinese-based cybercriminals have not limited themselves to the telecom industry: security researchers have also found them involved in other cyberespionage attacks against other groups of victims. This includes the TA413 threat group, which abused the new zero-day Follina vulnerability to attack the Tibetan diaspora.

Furthermore, the sophisticated Chinese APT group LuoYu has been discovered returning to the cybercrime landscape, using man-in-the-middle tactics to spread the WinDealer malware among its victims. The malware is mainly used to compromise Windows, macOS, Android, and Linux systems.

The federal agencies’ joint advisory urges users and firms to implement strong cybersecurity practices within their organisations, including patching known vulnerabilities in their networks to avoid being attacked.

It also recommends regularly updating the software and tools used in the organisation’s infrastructure to prevent initial-access attacks that could lead to more damaging stages of an intrusion. Changing passwords, disconnecting suspicious devices from the network, and enforcing MFA on VPN connections are also strongly recommended.
