Multiple federal agencies issued a warning against flaws within network devices that may potentially be exploited by the Chinese government. The National Security Agency (NSA), Federal Bureau of Investigations (FBI), and the Cybersecurity and Infrastructure Security Agency (CISA) issued a cybersecurity advisory highlighting ways in which hackers hired by China have targeted telecommunications companies and network service providers, using “publicly known vulnerabilities.”
The advisory lists 16 flaws in network device softwares from brands such as Cisco, Netgear, and Pulse Secure. These flaws were publicly disclosed between 2018 and 2021. The networks impacted range from small office/home office (SOHO) routers to medium and large enterprise networks, according to the agencies. By exploiting these vulnerabilities, the hackers are then able to “establish broad infrastructure networks to exploit a wide range of public and private sector targets,” the advisory read.
In order to help mitigate the effects of these public vulnerabilities, the agencies recommend applying patches as soon as possible, disabling unnecessary ports and protocols, and segmenting networks.
The U.S. government has been on high alert for cyber threats posed by countries like Russia and China. Over the last year, we saw at least 6 state governments get hacked by the Chinese government, according to a report by cybersecurity firm Mandiant. The hackers were able to access the computer networks by exploiting a vulnerability in an off-the-shelf commercial web application for animal health management that was being used by 18 states, the report stated.
Meanwhile, China has continuously denied the hacking accusations made against it, and instead accused the U.S. government of cyber attacks. “China once again strongly demands that the United States and its allies stop cyber theft and attacks against China, stop throwing mud at China on cybersecurity issues,” A foreign ministry spokesperson, Zhao Lijian, said last July.