
Government Guidance on Chinese Telco Hacking Highlights Threat to Cisco Devices

Government agencies issue guidance on Chinese telecoms hacking as US officials say threat actors may have yet to be expelled. 


Government agencies in the US, Canada, Australia and New Zealand have issued joint guidance for improving the security of communications infrastructure in response to espionage attacks conducted by China-linked threat actors against major telecommunications providers.

The guidance provides recommendations for strengthening visibility into organizations’ network traffic, user activity, and data flow, which makes it easier for defenders to detect threats, anomalous behavior and vulnerabilities.

The agencies also provide recommendations for hardening devices and systems to make it more difficult for threat actors to gain access to communication infrastructure.

Recommendations have been provided for network engineers and network defenders, with specific advice for each type of team. 

The document published by the government agencies highlights guidance that is specific for Cisco devices, which were rumored to have been targeted when news of the attacks broke.

The agencies have now confirmed that they are aware of “Cisco-specific features often being targeted by, and associated with, these [Chinese] cyber threat actors’ activity”.


Organizations have been advised to reduce the risk of exploitation by implementing best practices recommended by Cisco for hardening and securing devices running IOS XE and NX-OS software. 

Cisco device users have been advised to disable certain features that are known to have been abused in attacks, and to securely store passwords on devices. 
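The article does not say which features or password types the guidance has in mind, so the following is an added example, not code from SecurityWeek, Cisco or the joint guidance: a small audit script that reads an exported Cisco IOS / IOS XE running-config and flags credentials stored in reversible or deprecated forms (plaintext, type 7, type 5 MD5) alongside two management-plane services that Cisco's hardening guides recommend disabling when unused. The sample config, the hash values in it, and the choice of services to check are all constructed for illustration.

```python
"""Audit a Cisco IOS / IOS XE running-config excerpt for weak credential
storage and exposed management-plane services.

Added example, not from SecurityWeek, Cisco or the joint guidance. The sample
config and the list of services to flag are constructed for illustration.
"""
import re
from dataclasses import dataclass

# Constructed sample running-config. Every hash/salt value is made up.
SAMPLE_CONFIG = """\
version 17.9
hostname edge-rtr-1
enable secret 5 $1$abcd$ConstructedMd5HashValueXXXXXX
username netops privilege 15 password 7 0822455D0A16
username legacy password 0 Summer2024
username auditor secret 9 $9$constructedsalt$constructedscryptdigest
ip http server
ip http secure-server
line vty 0 4
 transport input telnet ssh
"""

# How IOS stores a credential, keyed by the type digit after 'password' or
# 'secret'. Only types 8 and 9 are one-way hashes with a modern KDF.
PASSWORD_TYPE_RATING = {
    "0": "plaintext",
    "7": "reversible obfuscation (trivially recoverable)",
    "5": "salted MD5 (deprecated)",
    "8": "PBKDF2-SHA256 (acceptable)",
    "9": "scrypt (recommended)",
}
STRONG_TYPES = {"8", "9"}

# Matches 'enable secret 9 <hash>', 'username X [privilege N] password 7 <blob>'
# and 'enable password cisco123' (no type digit means plaintext).
CRED_RE = re.compile(
    r"^\s*(?P<ctx>enable|username\s+\S+(?:\s+privilege\s+\d+)?)\s+"
    r"(?P<kw>secret|password)(?:\s+(?P<type>\d+))?\s+\S+\s*$"
)

# Management-plane services Cisco's hardening guides say to disable when
# unused. Which services the joint guidance singles out is an assumption
# of this example; the article does not list them.
SERVICE_CHECKS = [
    (re.compile(r"^\s*ip http server\s*$"),
     "cleartext HTTP management server enabled; prefer 'no ip http server'"),
    (re.compile(r"^\s*transport input\b.*\b(telnet|all)\b"),
     "vty line accepts telnet; restrict with 'transport input ssh'"),
]


@dataclass(frozen=True)
class Finding:
    line_no: int
    severity: str  # "high" or "medium"
    message: str


def classify_credential(line: str):
    """Return the storage type digit of a credential line, '0' when the type
    is omitted (plaintext), or None if the line is not a credential."""
    m = CRED_RE.match(line)
    if not m:
        return None
    return m.group("type") or "0"


def audit_config(config_text: str) -> list[Finding]:
    """Walk the config and collect weak-storage and exposed-service findings
    with their 1-based line numbers."""
    findings: list[Finding] = []
    for no, line in enumerate(config_text.splitlines(), start=1):
        m = CRED_RE.match(line)
        if m:
            ptype = m.group("type") or "0"
            if ptype in STRONG_TYPES:
                continue
            rating = PASSWORD_TYPE_RATING.get(ptype, f"unknown type {ptype}")
            # Plaintext and type 7 give the password away outright; MD5 is
            # merely weak, so it ranks one step lower.
            severity = "high" if ptype in ("0", "7") else "medium"
            findings.append(Finding(
                no, severity,
                f"'{m.group('ctx')}' stores its {m.group('kw')} as type {ptype} "
                f"({rating}); re-enter it with 'algorithm-type scrypt secret' "
                f"to get type 9",
            ))
            continue
        for pattern, message in SERVICE_CHECKS:
            if pattern.match(line):
                findings.append(Finding(no, "medium", message))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per severity, e.g. {'high': 2, 'medium': 3}."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    results = audit_config(SAMPLE_CONFIG)
    for f in results:
        print(f"line {f.line_no:>3} [{f.severity}] {f.message}")
    print(summarize(results))
```

Run against a real `show running-config` export (with `more system:running-config` on platforms that otherwise mask secrets), the script gives a line-numbered list of credentials to migrate and services to review; it deliberately does not decode type 7 strings, since an auditor only needs to know they are present.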

Officials who briefed reporters on the new guidance said the government still doesn’t know the true scope of the attack or the extent to which Chinese hackers still have access to US networks.

The attacks on telecom providers in the US and elsewhere came to light in September, with much of the activity believed to be the work of a threat group named Salt Typhoon.

In the US, targets include major companies such as Verizon, AT&T, Lumen Technologies, and T-Mobile, although T-Mobile said impact was limited in its case. 

The hackers’ apparent goal has been the theft of customer data and espionage. In many cases they obtained call and text metadata (dates, times and recipients), but for some victims the attackers were reportedly able to listen in on audio calls in real time and read their texts, particularly in the case of people involved in government or political activity. 

Related: US Gov Agency Urges Employees to Limit Phone Use After China ‘Salt Typhoon’ Hack

Related: China’s Volt Typhoon Rebuilding Botnet

Related: China Making Claims About Encryption Cracking and Intel Backdoors

Written By

Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
