Chinese hackers can breach routers and steal passwords, FBI and NSA warns

The agencies warn against using outdated equipment that is no longer receiving security patches

Adam Smith
Tuesday 14 June 2022 09:15 BST

China is sponsoring cyber attacks targeting major telecommunication and network service providers in the United States, federal agencies claim.

A new report from the NSA, CISA, and the FBI has claimed that public and private sector organisations are being exploited via routers and Network Attached Storage (NAS) devices.

Hackers are using vulnerabilities that are already well known in software but have not yet been fixed, rather than using an unknown exploit.

“Over the last few years, a series of high-severity vulnerabilities for network devices provided cyber actors with the ability to regularly exploit and gain access to vulnerable infrastructure devices”, the report states.

“In addition, these devices are often overlooked by cyber defenders, who struggle to maintain and keep pace with routine software patching of Internet-facing services and endpoint devices.”

The techniques used by the hackers allow them to gain access to victim’s accounts using publically available code —without using their own distinctive or identifying malware— as long as the hackers implemented their exploit before the victim’s organisations updated their systems.

Hackers are evolving and adapting their tactics in order to bypass defences, with the agencies claiming they have observed state-sponsored actors modifying infrastructure and toolsets. The attacks can steal credentials to databases, and then move user and admin credentials from Remote Authentication Dial-In User Service (RADIUS) servers.

"Armed with valid accounts and credentials from the compromised RADIUS server and the router configurations, the cyber actors returned to the network and used their access and knowledge to successfully authenticate and execute router commands to surreptitiously route, capture, and exfiltrate traffic out of the network to actor-controlled infrastructure," the federal agencies state.

The agencies also recommend that the United States government and private industries apply security patches, disable unnecessary ports, and replace infrastructure that no longer receives security updates.

“PRC sponsored actors are using access to telcos and ISPs to scale their targeting”, NSA director of cybersecurity Rob Joyce tweeted. “To kick them out, we must understand the tradecraft and detect them beyond just initial access.”

Earlier this year, Chinese hackers reportedly attempted to attack India’s power grid; a US security firm claimed that the attackers targeted seven Indian state centres for electrical dispatch and grid control.

China’s Foreign Ministry spokesman Zhao Lijian said the report had been “noted” by Beijing, but that China “firmly opposes and combats any form of cyber attacks, and will not encourage, support or condone any cyber attacks.”

In a statement to The Independent, a spokesperson for the Chinese embassy denied the accusations and said that the country opposes and combats cyber theft in all its forms.

“For years, the US, abusing its advantages in the fields of Internet and ICT, has violated the freedom of communication and speech of its citizens through digital surveillance at home, and conducted massive, systematic and indiscriminate data and cyber theft across the world. Danish media disclosed last year that the US National Security Agency eavesdropping on phone calls and text messages of political leaders of Germany, France, Norway, Sweden, the Netherlands and other European countries. Documents leaked by Edward Snowden on the US surveillance programme ‘Stateroom’ show that the US has been operating a highly secretive signals intelligence collection programme through almost a hundred US embassies and consulates worldwide.

“As a matter of fact, the US is the largest source of cyber attacks on China, gravely endangering the security of China’s critical infrastructure, personal data, trade and technology secret. Being a true “empire” of hacking, surveillance and theft of secrets itself, the US has been spreading disinformation about hacking from China. This is pure distortion of facts and a robber acting like a policeman.

“Cyber attacks are a common challenge to all, which must be dealt with through the joint efforts of the international community. Countries should work together to safeguard peace and security in cyberspace through dialogue and cooperation on the basis of mutual respect, equality and mutual benefit. Launching smear campaigns against others and inciting division and confrontation will only undermine mutual trust and international cooperation, rather than enhancing cyber security. The Chinese side once again strongly urges the US to stop cyber theft targeting China and other parts of the world, stop slandering other countries, and act in a responsible way in cyberspace.”

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies


Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in