The NSA, CISA, and the FBI published a joint cybersecurity advisory stating that Chinese hackers have taken advantage of publicly known vulnerabilities to breach anything from unpatched small office/home office (SOHO) routers all the way to large enterprise networks.
The hackers used the breached devices as part of their own attack infrastructure as command-and-control servers and proxy systems they could utilize to exploit and breach more networks.
The hackers then stole credentials to access SQL databases and used SQL commands to gather user and admin credentials from critical Remote Authentication Dial-In User Service (RADIUS) servers.
“The PRC has been exploiting specific techniques and common vulnerabilities since 2020 to use to their advantage in cyber campaigns,” the NSA said.
By exploiting these vulnerabilities, the Chinese-sponsored hackers have built broad infrastructure networks that made it possible for them to launch more public and private sector breaches.
The NSA, CISA, and the FBI strongly urged US and allied governments, critical infrastructure, and private organizations to have mitigation measures that would aid in minimizing the risk of similar attacks in their networks.
Moreover, the federal agencies strongly encourage organizations to apply security patches soonest, disable unnecessary ports and protocols to lessen their attack surface, and replace end-of-life network infrastructure no longer receiving security patches.
They also recommend segmenting networks to stop lateral movement attempts and allowing robust logging on internet-exposed services to monitor and detect attack attempts efficiently.