Chinese State-Backed Hackers Targeting Major Telecom Companies: US Security Agencies

In a June 7 cybersecurity advisory, they urged those affected to take immediate remedial action.

The advisory, coauthored by the National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI), said the hackers “continue to exploit publicly known vulnerabilities,” using tactics to bypass defenses and keeping themselves undetected.

The agencies pointed out that the hackers allegedly utilized open-source tools, such as RouterSploit and RouterScan, and known software flaws in networking devices such as routers.

“[T]hese devices are often overlooked by cyber defenders, who struggle to maintain and keep pace with routine software patching of Internet-facing services and endpoint devices,” noted the agencies.

The agencies did not identify the victim companies in the advisory, but they included a list of the common vulnerabilities and exposures (CVEs) most frequently exploited by the Chinese regime’s hackers since 2020, together with vulnerability types and the major vendors—Cisco, Citrix, D-Link, Fortinet, and Netgear.

They urged potential victims to shore up their networks by applying immediate patches, updating infrastructure, and disabling unnecessary ports and protocols.

The advisory is the latest of the U.S. government’s series of warnings on “Chinese malicious cyber activities,” which date back to 2017.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) lists all of its advisories, alerts, and malware analysis reports on “Chinese malicious cyber activities” from April 2017 onward.

According to CISA’s list, Chinese regime-linked hackers targeted and intruded on U.S. oil and natural gas companies from 2011 to 2013.

Another Chinese regime-backed hacking activity the CISA said was conducted by the Chinese Communist Party’s (CCP) Ministry of State Security (MSS) Hainan State Security Department. These hackers were identified as APT40 by the CISA and the Federal Bureau of Investigation (FBI) in a joint advisory last year.

APT40 “targeted governmental organizations, companies, and universities in a wide range of industries—including biomedical, robotics, and maritime research—across the United States, Canada, Europe, the Middle East, and the South China Sea area, as well as industries included in China’s Belt and Road Initiative,” the advisory said.

The United States charged four Chinese nationals working with the CCP’s MSS Hainan state security department for the hacking activity.

The following are a couple of cases, among the many, of cyberespionage campaigns conducted by CCP hackers.

In March 2022, a hacker group backed by the Chinese regime reportedly exploited vulnerabilities in the online systems of at least six U.S. state governments in order to compromise and gain access to those networks.

In March 2021, cybersecurity group FireEye reportedly found evidence that hackers linked to the Chinese regime exploited a flaw in a Microsoft email application to go after a number of American targets, including a university and local governments.

Chinese Computing Hacking Contest

China hosts its own computer hacking event, the Tianfu Cup international cybersecurity contest, where the best Chinese hackers demonstrate their skills.

At last year’s contest, Kunlun Lab Team and Team Pangu both hacked the iPhone 13 Pro in record time, Forbes reported.

Kunlun Lab did this live on stage, “using a remote code execution exploit of the mobile Safari web browser.” Team Pangu took away the top reward—$300,000 cash—”for remotely jailbreaking a fully patched iPhone 13 Pro running iOS 15,” according to Forbes.

Though the Tianfu Cup demonstrates “a near-peer challenge to U.S. cyber power, ” wrote J.D. Work, a former U.S. intelligence professional, for War on the Rocks. “Yet the People’s Liberation Army Strategic Support Force, Ministry of State Security, and Public Security Bureau’s development efforts remain out of public view.”

Improving US Cybersecurity

Responding to the June advisory from American security agencies, an article in MIT Technology Review stated that preventive actions are necessary to detect and guard against Chinese cyber espionage campaigns.

“[Chinese hackers] stole usernames and passwords, reconfigured routers, and successfully exfiltrated the targeted network’s traffic and copied it to their own machines. With these tactics, they were able to spy on virtually everything going on inside the organizations,” said the article by Patrick Howell O’Neill.

John Mac Ghlionn, a researcher and writer, wrote in a piece for The Epoch Times in February that the United States has never looked more vulnerable to cyber-attacks.

“At present, U.S. agencies suffer from poor cyber hygiene, meaning the practices and precautions used to keep sensitive data safe and secure from attackers are substandard,” Mac Ghlionn wrote.

“This explains why CCP-backed hackers have stolen the data of at least 206 million Americans. Without adequate cybersecurity measures, protected health information (PHI), personal information, and intellectual property are at risk of being compromised.”

Mac Ghlionn added that according to a Senate report, seven out of eight federal agencies, are failing to protect critical data.

Rob Joyce, director of cybersecurity at the NSA, tweeted: “PRC sponsored actors are using access to telcos and ISPs to scale their targeting. To kick them out, we must understand the tradecraft and detect them beyond just initial access.”

PRC sponsored actors are using access to telcos and ISPs to scale their targeting. To kick them out, we must understand the tradecraft and detect them beyond just initial access. https://t.co/l4W4kHKd8B

— Dave Luber (@NSA_CSDirector) June 7, 2022

The Epoch Times reached out to the Chinese embassy in Washington.

An embassy spokesperson in a reply email denied the hacking allegations and claimed that the United States is “groundlessly accusing China on cyber security issues.”