November 29, 2022

Volume XII, Number 333

Advertisement

November 29, 2022

Subscribe to Latest Legal News and Analysis

November 28, 2022

Subscribe to Latest Legal News and Analysis
Advertisement

Joint Advisory Warns of Chinese-sponsored Attacks on Telecommunications Companies

A joint advisory issued June 7, 2022, by the Cybersecurity & Infrastructure Security Agency, FBI and the National Security Agency entitled “People’s Republic of China State-Sponsored Cyber Actors Exploit Network Providers and Devices,” warns that Chinese-sponsored cyber actors are exploiting “publicly known vulnerabilities in order to establish a broad network of compromised infrastructure.” The entities attacked by the hackers include “public and private sector organizations” including telecommunications companies and network service providers.

The top vulnerabilities exploited by the attackers include “Common Vulnerabilities and Exposures (CVEs)-associated with network devices routinely exploited by the cyber actors since 2020,” including “unpatched network devices.”

According to the Alert, “These cyber actors are also consistently evolving and adapting tactics to bypass defenses. The NSA, CISA, and FBI have observed state-sponsored cyber actors monitoring network defenders’ accounts and actions, and then modifying their ongoing campaign as needed to remain undetected. Cyber actors have modified their infrastructure and toolsets immediately following the release of information related to their ongoing campaigns. PRC state-sponsored cyber actors often mix their customized toolset with publicly available tools, especially by leveraging tools that are native to the network environment, to obscure their activity by blending into the noise or normal activity of a network.”

The list of CVEs most commonly exploited by the Chinese-based hackers are provided in the Alert. The Alert is meant to “urge” organizations to apply recommended mitigation and detection methods outlined in the Alert and provides resources for more information.

Copyright © 2022 Robinson & Cole LLP. All rights reserved.National Law Review, Volume XII, Number 160
Advertisement
Advertisement
Advertisement

About this Author

Linn F. Freedman, Robinson Cole Law Firm, Cybersecurity and Litigation Law Attorney, Providence
Partner

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She provides guidance on data privacy and cybersecurity compliance to a full range of public and private clients across all industries, such as construction, education, health care, insurance, manufacturing, real estate, utilities and critical infrastructure, marine, and charitable organizations. Linn is a member of the firm's Business Litigation Group and chairs its Data Privacy + Cybersecurity Team. She is also a member of the Financial Services Cyber-Compliance Team (CyFi ...

401-709-3353
Advertisement
Advertisement
Advertisement