
Chinese state-sponsored hackers have been exploiting publicly known vulnerabilities to compromise major telecommunications companies and network service providers.

In a joint cybersecurity advisory, the NSA, CISA, and the FBI say that attackers have breached networks from small office/home office (SOHO) routers right up to medium and large enterprise networks, using open source tools such as RouterSploit and RouterScan to identify devices with known vulnerabilities.

“The PRC has been exploiting specific techniques and common vulnerabilities since 2020 to use to their advantage in cyber campaigns,” they warn.

“Exploiting these vulnerabilities has allowed them to establish broad infrastructure networks to exploit a wide range of public and private sector targets.”

Compromised devices are used as additional access points to route command and control traffic and act as midpoints to breach yet more networks, spying on the traffic and stealing data.

“These devices are often overlooked by cyber defenders, who struggle to maintain and keep pace with routine software patching of internet-facing services and endpoint devices,” the advisory reads.


The 16 most concerning vulnerabilities date back to between 2017 and April last year and, say the agencies, have been comparatively easy to exploit.

In one attack, hackers identified a critical Remote Authentication Dial-In User Service (RADIUS) server, then gained credentials to access the underlying Structured Query Language (SQL) database. They then used SQL commands to dump the credentials, which contained both cleartext and hashed passwords for user and administrative accounts.

The credentials were then used with custom automated scripts to establish the current configuration of each router; the attackers could then successfully authenticate and execute router commands to route, capture, and steal data.
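The attack chain above turned on what the RADIUS backend stored: a dump that contains cleartext passwords is usable immediately, while hashed entries at least cost the attacker offline cracking time. The following audit script is an added example, not code from the article or the advisory; it scans a credential-store export for cleartext and weakly hashed entries and rates each finding, escalating accounts the operator marks as administrative. The attribute names (Cleartext-Password, MD5-Password, SSHA-Password, Crypt-Password) follow FreeRADIUS conventions, which is an assumption since the article names no product, and every username and value in the sample is constructed.

```python
"""Audit a RADIUS credential-store export for cleartext and weakly hashed passwords.

Added example; assumes FreeRADIUS-style attribute names in a CSV export of
the `radcheck` table (username, attribute, op, value). All sample data is
constructed for illustration.
"""
import csv
import io
from dataclasses import dataclass

# Constructed sample export. The MD5 value is md5("password"); the SSHA and
# crypt values are well-formed placeholders, not real hashes of anything.
SAMPLE_EXPORT = """\
username,attribute,op,value
netadmin,Cleartext-Password,:=,Summer2023!
router-backup,Cleartext-Password,:=,backup123
noc-user1,MD5-Password,:=,5f4dcc3b5aa765d61d8327deb882cf99
noc-user2,SSHA-Password,:=,Zm9vYmFyYmF6cXV4c2FsdHNhbHQ=
svc-monitor,Crypt-Password,:=,$6$saltsalt$EXAMPLEHASHVALUEPLACEHOLDER
legacy-user,Crypt-Password,:=,abJnggxhB/yWI
"""

# Attributes whose value is the password itself (usable straight from a dump).
CLEARTEXT_ATTRS = {"Cleartext-Password", "User-Password"}
# Unsalted, fast digests: recoverable offline with commodity hardware.
UNSALTED_HASH_ATTRS = {"MD5-Password", "SHA1-Password", "NT-Password", "LM-Password"}
# crypt(3) formats that are salted and iterated; anything else is treated as legacy.
STRONG_CRYPT_PREFIXES = ("$5$", "$6$", "$2a$", "$2b$", "$y$")


@dataclass
class Finding:
    username: str
    attribute: str
    severity: str
    reason: str


def classify(username, attribute, value, admin_accounts):
    """Return a Finding for a risky storage format, or None if the entry is acceptable."""
    is_admin = username in admin_accounts
    if attribute in CLEARTEXT_ATTRS:
        return Finding(username, attribute, "critical" if is_admin else "high",
                       "password stored in cleartext; a database dump yields it directly")
    if attribute in UNSALTED_HASH_ATTRS:
        return Finding(username, attribute, "high" if is_admin else "medium",
                       "unsalted fast hash; recoverable offline from a dump")
    if attribute == "Crypt-Password" and not value.startswith(STRONG_CRYPT_PREFIXES):
        return Finding(username, attribute, "high" if is_admin else "medium",
                       "legacy crypt(3) format (e.g. DES); short salt and cheap to brute-force")
    return None


def audit_credential_store(csv_text, admin_accounts=frozenset()):
    """Scan a radcheck-style CSV export and return the list of findings in row order."""
    reader = csv.DictReader(io.StringIO(csv_text))
    findings = []
    for row in reader:
        finding = classify(row["username"], row["attribute"], row["value"], admin_accounts)
        if finding is not None:
            findings.append(finding)
    return findings


def summarize(findings):
    """Count findings per severity, e.g. {'critical': 1, 'high': 1, 'medium': 2}."""
    counts = {}
    for finding in findings:
        counts[finding.severity] = counts.get(finding.severity, 0) + 1
    return counts


if __name__ == "__main__":
    results = audit_credential_store(SAMPLE_EXPORT, admin_accounts={"netadmin"})
    for f in results:
        print(f"[{f.severity}] {f.username} ({f.attribute}): {f.reason}")
    print(summarize(results))
```

Entries using salted, iterated formats (SSHA, sha512-crypt) produce no finding; the point of the check is to surface the accounts whose compromise becomes instant the moment the database is dumped, which is exactly the position the advisory's victim was in.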

Unsurprisingly, the agencies are urging potential victims – including US and allied governments, critical infrastructure providers, and private industry – to apply mitigation measures. These include frequent patching, multifactor authentication, network segmentation and disabling unused or unnecessary network services, ports, protocols, and devices to reduce the attack surface.
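One of the listed mitigations, disabling unused services, ports and protocols on network devices, is easy to state and tedious to verify across a fleet. The script below is an added example, not code from the article or the advisory: it parses a router configuration and flags management-plane services that enlarge the attack surface (cleartext HTTP management, SNMPv1/v2c community strings, Telnet on VTY lines), and shows the same device hardened so the checks come back clean. The Cisco IOS-like syntax and the hostname are assumptions chosen for the example; the article does not name a vendor.

```python
"""Flag management-plane services that widen a router's attack surface.

Added example; the configuration syntax is Cisco IOS-like (an assumption)
and both sample configurations are constructed.
"""
import re

# Constructed "before" configuration with several avoidable exposures.
WEAK_CONFIG = """\
hostname edge-rtr-01
ip http server
no ip http secure-server
snmp-server community public RO
snmp-server community s3cret RW
ip ssh version 2
line vty 0 4
 transport input telnet ssh
line vty 5 15
 transport input ssh
"""

# Constructed "after" configuration for the same device with the exposures removed.
HARDENED_CONFIG = """\
hostname edge-rtr-01
no ip http server
ip http secure-server
snmp-server group NOC v3 priv
ip ssh version 2
line vty 0 15
 transport input ssh
"""

HTTP_RE = re.compile(r"^ip http server$")
SNMP_RE = re.compile(r"^snmp-server community (\S+) (RO|RW)\b")
VTY_RE = re.compile(r"^line vty (\d+) (\d+)$")
TRANSPORT_RE = re.compile(r"^\s+transport input (.+)$")
DEFAULT_COMMUNITIES = {"public", "private"}


def audit_attack_surface(config_text):
    """Return a list of findings (dicts with severity, item, reason) for a config."""
    findings = []
    current_vty = None  # name of the `line vty` block we are inside, if any
    for raw in config_text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        if not line.startswith(" "):
            # A non-indented line ends any open vty block.
            current_vty = None
            m = VTY_RE.match(line)
            if m:
                current_vty = f"vty {m.group(1)}-{m.group(2)}"
                continue
            if HTTP_RE.match(line):
                findings.append({"severity": "medium", "item": "ip http server",
                                 "reason": "cleartext HTTP management interface enabled"})
                continue
            m = SNMP_RE.match(line)
            if m:
                community, mode = m.groups()
                # Write access or a well-known default name is the worse case.
                sev = "high" if mode == "RW" or community in DEFAULT_COMMUNITIES else "medium"
                findings.append({"severity": sev, "item": f"snmp community {community} ({mode})",
                                 "reason": "SNMPv1/v2c community string sent unencrypted; "
                                           "prefer SNMPv3 with authentication and privacy"})
            continue
        # Indented lines belong to the current block; only vty transports matter here.
        m = TRANSPORT_RE.match(line)
        if m and current_vty:
            protocols = m.group(1).split()
            if "telnet" in protocols or "all" in protocols:
                findings.append({"severity": "high",
                                 "item": f"{current_vty} transport input {' '.join(protocols)}",
                                 "reason": "Telnet accepts logins over cleartext; restrict to ssh"})
    return findings


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        results = audit_attack_surface(cfg)
        print(f"{label}: {len(results)} finding(s)")
        for f in results:
            print(f"  [{f['severity']}] {f['item']}: {f['reason']}")
```

Run over an exported configuration, the output gives a per-device list of what to switch off; run over the hardened example, it returns nothing, which is the check a change-control step can assert on before the device goes back into service.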

However, they warn, organizations will need to stay on the ball.

“NSA, CISA, and the FBI have observed state-sponsored cyber actors monitoring network defenders’ accounts and actions, and then modifying their ongoing campaign as needed to remain undetected,” they say.

“Cyber actors have modified their infrastructure and toolsets immediately following the release of information related to their ongoing campaigns.”

Indeed, it’s more than possible that the release of this advisory may unfortunately have the same effect.
