China-backed hackers are successfully breaching major U.S. telecommunications companies, the Cybersecurity and Infrastructure Security Agency (CISA) warned on Tuesday.
In a joint advisory, the FBI, the National Security Agency (NSA) and CISA said that hackers affiliated with the People's Republic of China (PRC) have targeted and compromised "major telecommunications companies" by exploiting common, publicly known vulnerabilities in network devices and systems.
PRC-affiliated actors have waged this campaign against telecommunications networks since at least 2020, the agencies said in a press release Tuesday.
“Exploitation of these vulnerabilities allowed them to establish vast networks of infrastructure to exploit a wide range of public and private sector targets,” the statement said.
Along with Russia, China is one of the most capable and dangerous actors in cyberspace. In a CrowdStrike report published last year, researchers said a threat group likely linked to China, tracked as "LightBasin", had been targeting telecommunications companies worldwide since at least 2016.
CrowdStrike said that in the past two years alone at least 13 telecommunications companies had been compromised in intrusions likely sponsored by China.
In August last year, hackers broke into telecommunications giant T-Mobile, stealing the personal data of 40 million current, former and prospective customers, the company said. Syniverse, whose network major carriers worldwide use to route text messages, also disclosed last year that hackers had quietly maintained access to its systems for years.
According to the advisory, the PRC state-sponsored actors use open-source router scanning and exploitation tools against network devices from vendors including Cisco, Fortinet and MikroTik. A compromised device gives them a foothold on the network, from which they scan internal IP address ranges, pivot to further systems, and steal data or stage additional intrusions.
Rob Joyce, NSA's director of cybersecurity, said the hackers were using their access to telecommunications networks as a base from which to scale up more sophisticated attacks.
"To kick them out, we need to understand the business and detect them beyond just initial access," Joyce tweeted Tuesday.
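The post-compromise behaviour described above, a hijacked network device being used to sweep internal address space, is exactly the kind of activity Joyce means by detecting the actors "beyond just initial access". The following detector is an added illustration, not code from the advisory, the agencies or the article: it reads constructed flow-log lines and flags any source that reaches many distinct internal hosts on management ports inside a short window. The log format, the address ranges, the port list and the thresholds are all assumptions chosen for the example.

```python
"""Flag an internal host that fans out to many internal addresses on management
ports, the post-compromise scanning behaviour a hijacked network device shows.

Added illustration, not code from the advisory or the article. The flow-log
format, the address ranges, the port list and the thresholds are assumptions.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta
import ipaddress

# Management ports an operator expects to see only from a few admin hosts
# (assumed list: ssh, telnet, snmp, https, MikroTik Winbox).
MGMT_PORTS = {22, 23, 161, 443, 8291}
# Address space treated as "internal" for the example.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
WINDOW = timedelta(minutes=5)   # sliding window per source address
THRESHOLD = 8                   # distinct internal targets that trigger an alert


def is_internal(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def parse_flows(text: str) -> list:
    """Parse 'timestamp src dst dport proto' lines into time-sorted tuples."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, dport, proto = line.split()
        records.append((datetime.fromisoformat(ts), src, dst, int(dport), proto))
    records.sort(key=lambda r: r[0])
    return records


def find_scanners(records, window=WINDOW, threshold=THRESHOLD) -> dict:
    """Return {src: peak number of distinct internal management targets} for
    every source that reached `threshold` distinct targets within `window`."""
    recent = defaultdict(deque)   # src -> deque of (ts, dst) inside the window
    alerts = {}
    for ts, src, dst, dport, _proto in records:
        if dport not in MGMT_PORTS or not is_internal(dst):
            continue              # only internal management traffic counts
        q = recent[src]
        q.append((ts, dst))
        while q and ts - q[0][0] > window:
            q.popleft()           # drop records that fell out of the window
        distinct = len({d for _, d in q})
        if distinct >= threshold:
            alerts[src] = max(alerts.get(src, 0), distinct)
    return alerts


def build_sample_flows() -> str:
    """Constructed flow log for the demonstration; not real traffic."""
    base = datetime(2022, 6, 7, 10, 0, 0)
    lines = []
    # Compromised edge router sweeping an internal /24 on SSH, one host every 5 s.
    for i in range(20):
        t = base + timedelta(seconds=5 * i)
        lines.append(f"{t.isoformat()} 10.0.0.1 10.0.1.{10 + i} 22 tcp")
    # Legitimate admin workstation: repeated sessions to the same three devices.
    for i in range(12):
        t = base + timedelta(seconds=30 * i)
        lines.append(f"{t.isoformat()} 10.0.9.5 10.0.0.{1 + i % 3} {443 if i % 2 else 22} tcp")
    # The router's ordinary outbound HTTPS: external targets, so not counted.
    for i in range(15):
        t = base + timedelta(seconds=7 * i)
        lines.append(f"{t.isoformat()} 10.0.0.1 203.0.113.{i + 1} 443 tcp")
    return "\n".join(lines)


SAMPLE_FLOWS = build_sample_flows()

if __name__ == "__main__":
    for src, n in find_scanners(parse_flows(SAMPLE_FLOWS)).items():
        print(f"ALERT {src}: {n} distinct internal management targets within {WINDOW}")
```

Counting distinct internal destinations rather than raw connection volume is what separates the sweep from the admin workstation, which opens more sessions but always to the same three devices; in production the threshold and the list of expected management hosts would come from a baseline of the network's normal traffic.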
In the advisory, the agencies recommended several mitigations against these intrusions, including patching systems and devices as soon as possible, disabling unnecessary ports, protocols and services, and replacing end-of-life infrastructure.
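As an added example of the "disable unnecessary ports and protocols" mitigation (not a tool from the advisory or from any vendor), the script below audits a Cisco IOS-style running configuration for the exposures that give this kind of actor its foothold: plaintext management protocols, SNMPv1/v2c community strings, a reversible enable password and VTY lines reachable from any source. The weak and hardened configurations are constructed for illustration, and the check list is an assumed minimal baseline, not a complete hardening standard.

```python
"""Audit a Cisco IOS-style running config for exposed management services.

Added example, not the advisory's or any vendor's tool. Both configs below are
constructed for illustration; the check list is an assumed minimal baseline.
"""
import re

WEAK_CONFIG = """\
! constructed example: an edge router with the weak settings left in place
hostname edge-rtr-1
enable password cisco123
ip http server
snmp-server community public RO
snmp-server community private RW
line vty 0 4
 transport input telnet ssh
 login local
"""

HARDENED_CONFIG = """\
! constructed example: same device with the risky services removed or locked down
hostname edge-rtr-1
enable secret Ch4ng3-Me-ExampleOnly
no ip http server
ip http secure-server
snmp-server group NETMON v3 priv
snmp-server user netmon NETMON v3 auth sha AuthPassExample priv aes 128 PrivPassExample
ip access-list standard MGMT-HOSTS
 permit 10.0.9.0 0.0.0.255
line vty 0 4
 access-class MGMT-HOSTS in
 transport input ssh
 login local
"""

# (check id, pattern matched against each config line, remediation hint)
LINE_CHECKS = [
    ("enable_password", re.compile(r"^enable password\b"),
     "reversible password; use 'enable secret'"),
    ("http_plaintext", re.compile(r"^ip http server\b"),
     "unencrypted web management; 'no ip http server' (HTTPS only if needed)"),
    ("snmp_v2c_community", re.compile(r"^snmp-server community\b"),
     "SNMPv1/v2c community string; migrate to SNMPv3 with auth and priv"),
    ("telnet_enabled", re.compile(r"^\s*transport input (?:all\b|.*\btelnet\b)"),
     "VTY accepts telnet; use 'transport input ssh'"),
]


def audit_config(text: str) -> list:
    """Return [(check_id, line_number, config_line, hint)] sorted by line."""
    findings = []
    vty_sections = []      # each: {"start": line_no, "text": header, "acl": bool}
    current = None         # the 'line vty' section being read, if any
    for num, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("!"):
            continue       # blank lines and IOS comments
        for check_id, pattern, hint in LINE_CHECKS:
            if pattern.match(line):
                findings.append((check_id, num, line.strip(), hint))
        # Track 'line vty' sections to see whether an access-class protects them.
        if line.startswith("line vty"):
            current = {"start": num, "text": line.strip(), "acl": False}
            vty_sections.append(current)
        elif current is not None and not line.startswith(" "):
            current = None   # an unindented line ends the section
        elif current is not None and re.match(r"^\s*access-class \S+ in\b", line):
            current["acl"] = True
    for sec in vty_sections:
        if not sec["acl"]:
            findings.append(("vty_no_access_class", sec["start"], sec["text"],
                             "VTY reachable from any source; add 'access-class <acl> in'"))
    findings.sort(key=lambda f: f[1])
    return findings


if __name__ == "__main__":
    for check_id, num, line, hint in audit_config(WEAK_CONFIG):
        print(f"line {num}: {line!r} -> {check_id}: {hint}")
    print("hardened config findings:", audit_config(HARDENED_CONFIG))
```

Running it on a real `show running-config` dump would need the same approach extended to the rest of the device's services (HTTP access lists, SSH version, unused interfaces), and it does not replace patching: a device with a clean management configuration is still exploitable if the software itself carries a known vulnerability.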