Chinese cyber spies abuse routers globally

An international coalition of security and intelligence agencies has warned of a large-scale Chinese cyber espionage campaign. According to a joint advisory from CISA, NSA, FBI, and European partners, among others, Chinese state-sponsored hackers have been attacking telecommunications companies, governments, transportation, defense, and hotel systems worldwide since 2021.

The attackers mainly target routers belonging to large telecom providers. They use known vulnerabilities to gain long-term access. These are not unknown zero-days, but rather publicly documented vulnerabilities in equipment from Cisco, Palo Alto, Ivanti, and other vendors. By adjusting configurations and opening additional management channels, the hackers maintain access. They can tap network traffic, take over accounts, and exfiltrate data via tunnels and encrypted connections.

What makes this campaign particularly concerning is that even organizations not directly involved in espionage are being exploited as a springboard to other networks. This increases the risk that any company with poorly secured edge devices could become a victim.

Routers too often a blind spot

The agencies involved emphasize that patching routers and firewalls is the first line of defense. Furthermore, isolating management networks, tightening access control, and actively monitoring configurations and log files are crucial. The advisory makes it clear that routers are often still a blind spot in security policy, despite being the key to large-scale data theft.

The publication, which involves collaboration from more than twenty countries, underscores the international urgency of this problem. For organizations, the message is that they can no longer take the security of their network equipment for granted. Only with strict control and maintenance can routers be prevented from becoming the silent engine of a global espionage operation.