The Cybersecurity and Infrastructure Security Agency (CISA), along with the National Security Agency (NSA) and the FBI, this week issued a joint advisory warning telecommunications companies and network service providers that People’s Republic of China (PRC) state-sponsored cyber actors continue to pose a threat to their networks.
According to the advisory, these cyber actors are exploiting publicly known vulnerabilities to build a large network of compromised infrastructure. The actors are targeting both the public and private sectors.
CISA explained that threat actors are attacking small office/home office (SOHO) routers and network-attached storage (NAS) devices, which serve as midpoints for conducting intrusions on other entities.
“Over the last few years, a series of high-severity vulnerabilities for network devices provided cyber actors with the ability to regularly exploit and gain access to vulnerable infrastructure devices,” CISA said. “In addition, these devices are often overlooked by cyber defenders, who struggle to maintain and keep pace with routine software patching of internet-facing services and endpoint devices.”
The three agencies said organizations can mitigate the vulnerabilities laid out in the advisory by “applying the available patches to their systems, replacing end-of-life infrastructure, and implementing a centralized patch management program.”
The advisory also recommends organizations enforce multi-factor authentication for all users, disable unused or unnecessary ports or devices, and segment networks to limit or block lateral movement.
CISA, NSA, and the FBI urged all organizations to apply the advisory’s mitigation and detection recommendations “to increase their defensive posture and reduce the risk of PRC state-sponsored malicious cyber actors affecting their critical networks.”