Warning: Chinese Cyber Attacks

Uploaded on 2022-06-13 in TECHNOLOGY--Hackers, INTELLIGENCE-Hot Spots-China, FREE TO VIEW

State-sponsored threat actors that are backed by the People’s Republic of China are targeting telecoms and network service providers says the US government. The US National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), and Federal Bureau of Investigation (FBI) have issued an advisory Alert on cyber attacks from China.

Malicious cyber activities attributed to the Chinese government targeted, and continue to target, a variety of industries and organisations in the United States.

These cyber attacks include “healthcare, financial services, defence industrial base, energy, government facilities, chemical, critical manufacturing (including automotive and aerospace),communications, IT (including managed service providers), international trade, education, video gaming, faith-based organisations, and law firms”, says the US Cybersecurity Agency.

They say that these state sponsored cyber actors continue to exploit “vulnerabilities in order to establish a broad network of compromised infrastructure”. They also say that state-sponsored actors have been working since 2020 to conduct widespread cyber campaigns that exploit Common Vulnerabilities and Exposures (CVEs). By exploiting the CVEs, threat actors were able to exploit code against virtual private networks or public facing applications, authorities said.

This allows threat actors to avoid using their own distinctive or identifying malware, as long as they acted before targeted organisations updated their own systems.

The advisory describes the ways in which state-sponsored cyber actors continue to exploit publicly known vulnerabilities to establish a broad network of compromised infrastructure. “These actors use the network to exploit a wide variety of targets worldwide, including public and private sector organisations”, says the report. “Upon gaining an initial foothold into a telecommunications organisation or network service provider, Chinese state-sponsored cyber actors have identified critical users and infrastructure including systems critical to maintaining the security of authentication, authorisation, and accounting”.

The advisory details the targeting and compromise of major telecommunications companies and network service providers and the top vulnerabilities, primarily CVEs, associated with network devices routinely exploited by the cyber actors since 2020.

Furthermore, a recent post from Google says that government backed cyber attackers from Iran, N.Korea, Russia and China are all spreading malware by taking advantage of the public’s interest in the Ukrainian war.

CISA:       CISA:      CUNA:    Newswek:    Cybersecurity Dive:    Google:

You Might Also Read: 

US Banks Hit By Russian Cyber Attacks:

 

« Ransomware & Cybercrime
Channel Islands Used To Launch Global Cyber-Attacks »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Clifford Chance

Clifford Chance

Clifford Chance are one of the world's pre-eminent law firms with resources across five continents. Practice areas include Cyber Security & Information Protection

Grid32

Grid32

Grid32 provides independent computer system and physical security audit services to government and corporate clients of all sizes.

Mega

Mega

Mega is a secure cloud data storage provider with browser-based high-performance end-to-end encryption.

Ericsson

Ericsson

Ericsson is a leading provider of telecommunications services and network infrastructure solutions including all aspects of network security.

SAI360

SAI360

SAI360 (formerly SAI Global) provide products and services for enterprise risk management including Governance, Risk & Compliance and Digital Risk solutions.

The Media Trust

The Media Trust

The Media Trust continuously scans websites, ad tags and mobile apps and alerts on anomalies affecting websites and visitors.

i-Sprint Innovations

i-Sprint Innovations

i-Sprint is a leader in Securing Identity and Transactions in the Cyber World for industries that are security sensitive.

Information Technology Industry Development Agency (ITIDA)

Information Technology Industry Development Agency (ITIDA)

ITIDA has two broad goals: building the capacities of Egypt’s local information and communications technology (ICT) industry and attracting foreign direct investments to boost the ICT sector.

Corrata

Corrata

Corrata is an award-winning provider of mobile security and data control solutions for enterprises.

CybrHawk

CybrHawk

CybrHawk is a leading provider of information security-driven risk intelligence solutions focused solely on protecting clients from cyber-attacks.

Infopercept Consulting

Infopercept Consulting

Infopercept is a leading cybersecurity company in India, providing a critical layer of security to protect business information, infrastructure & assets across the organization.

Fortiedge

Fortiedge

Fortiedge is an IT Security solution provider specializing in Cyber Security practices and solutions for our clients.

American Technology Services (ATS)

American Technology Services (ATS)

American Technology Services provides unparalleled services in information technology to support small and mid-sized business. From top-level strategy, to managed services and infrastructure support.

Curatrix Technologies

Curatrix Technologies

Curatrix Technologies is a Managed IT Service provider based in Hampshire, UK, providing high quality and reliable Managed IT Services since 2015.

Iolo

Iolo

Iolo develops patented technology and award-winning software that repairs, optimizes, and protects computers, to maximize system speed and performance while keeping them safe.

Auxilion

Auxilion

Auxilion is an award-winning provider of consulting and IT support services, technologies and consulting for public and private organisations in the UK and Ireland.