Government Guidance on Chinese Telco Hacking Highlights Threat to Cisco Devices

Government agencies issue guidance on Chinese telecoms hacking as US officials say threat actors may have yet to be expelled. 

Government agencies in the US, Canada, Australia and New Zealand have issued joint guidance for improving the security of communications infrastructure in response to espionage attacks conducted by China-linked threat actors against major telecommunications providers.

The guidance provides recommendations for strengthening visibility into organizations’ network traffic, user activity, and data flow, which makes it easier for defenders to detect threats, anomalous behavior and vulnerabilities.

The agencies also provide recommendations for hardening devices and systems to make it more difficult for threat actors to gain access to communication infrastructure.

Recommendations have been provided for network engineers and network defenders, with specific advice for each type of team. 

The document published by the government agencies highlights guidance specific to Cisco devices, which were rumored to have been targeted when news of the attacks broke.

The agencies have now confirmed that they are aware of “Cisco-specific features often being targeted by, and associated with, these [Chinese] cyber threat actors’ activity”.

Organizations have been advised to reduce the risk of exploitation by implementing best practices recommended by Cisco for hardening and securing devices running IOS XE and NX-OS software. 

Cisco device users have been advised to disable certain features that are known to have been abused in attacks, and to securely store passwords on devices. 

Officials who briefed reporters on the new guidance said the government still doesn’t know the true scope of the attack or the extent to which Chinese hackers still have access to US networks.

The attacks on telecom providers in the US and elsewhere came to light in September, with much of the activity believed to be the work of a threat group named Salt Typhoon.

In the US, targets include major companies such as Verizon, AT&T, Lumen Technologies, and T-Mobile, although T-Mobile said impact was limited in its case. 

The hackers’ apparent goal has been the theft of customer data and espionage. In many cases they obtained call and text metadata (dates, times and recipients), but for some victims the attackers were reportedly able to listen in on audio calls in real time and read their texts, particularly in the case of people involved in government or political activity. 

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
