United States security agencies warned Tuesday that Chinese government-backed hackers have breached "major" telecommunications firms by exploiting known software vulnerabilities in routers and other popular networking hardware.
An advisory was released by the FBI, the National Security Agency, and US Cybersecurity and Infrastructure Security Agency. It stated that the "devices are often overlooked by cyber defenders, who struggle to maintain and keep pace with routine software patching of Internet-facing services and endpoint devices."
Although the victims were not identified, the warning focused on measures to help enterprises using Cisco, Fortinet, and other suppliers secure their networks, according to a CNN report.
It is the latest in a series of public warnings from US cybersecurity authorities aimed at reducing the impact of foreign operators attempting to enter critical computer networks and collect data for spying or other objectives.
Smaller Users Could Be Targeted By Hackers
FBI Deputy Director Paul Abbate alleged in April that China "conducts more cyber intrusions than all other nations in the world combined." But the Chinese government consistently denies allegations of cyber attacks.
Smaller computer users may assume they are unimportant to state-sponsored hackers, but the main aim is to exploit compromised devices as additional access points, as per a Forbes report.
Compromised devices can be used to relay command-and-control traffic and to act as stepping stones for breaching additional networks, eavesdropping on the traffic and stealing the ultimate prize: sensitive data, emerging key technologies, and intellectual property.
Hackers Exploit Microsoft Office Vulnerability
According to threat analysis research from security firm Proofpoint, a recently identified vulnerability in Microsoft Office is already being used by hackers connected to the Chinese government.
According to information Proofpoint posted on Twitter, a hacking group known as TA413 used the vulnerability (dubbed "Follina" by researchers) in malicious Word documents purporting to be sent by the Central Tibetan Administration, the Tibetan government in exile based in Dharamsala, India.
The TA413 group is an APT, or "advanced persistent threat," actor suspected of being tied to the Chinese government that has previously targeted Tibetan exiles.
According to a report from The Verge, Chinese hackers have a history of targeting Tibetans by exploiting software security weaknesses.
In 2019 research, Citizen Lab found widespread spyware targeting Tibetan political figures, including Android browser exploits and malicious links sent via WhatsApp. Browser extensions have also been used for this purpose, with a prior Proofpoint investigation revealing the use of a malicious Firefox add-on to monitor Tibetan activists.
The Microsoft Word vulnerability gained significant prominence on May 27, when a security research group known as Nao Sec took to Twitter to discuss a sample uploaded to the online malware scanning service VirusTotal. According to Nao Sec's tweet, the malicious code was delivered in Microsoft Word documents that executed commands via PowerShell, a powerful system administration tool for Windows.
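As an added illustration, not code from the article or from any of the firms it cites, here is the defender's counterpart of the behaviour Nao Sec described: a small detection rule, run over constructed Sysmon-style process-creation events, that flags Office applications spawning PowerShell and raises the severity when the command line carries hidden-window or encoded-command flags. The event shape, file paths and flag list are assumptions.

```python
import re

# Constructed process-creation events in a simplified Sysmon Event ID 1 shape.
# These are made-up samples for illustration, not captured telemetry.
SAMPLE_EVENTS = [
    {"parent": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -WindowStyle hidden -EncodedCommand QQBCAEMA"},
    {"parent": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -File C:\\Scripts\\print-helper.ps1"},
    {"parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe Get-Process"},
    {"parent": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "image": r"C:\Windows\splwow64.exe",
     "cmdline": "splwow64.exe 12288"},
]

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELLS = {"powershell.exe", "pwsh.exe", "cmd.exe"}
# Command-line traits typical of document-launched stagers (assumed list).
EVASION_FLAGS = re.compile(
    r"-e(?:nc|ncodedcommand)?\b|-w(?:indowstyle)?\s+hidden|-nop\b"
    r"|iex\b|invoke-expression|downloadstring",
    re.IGNORECASE,
)

def basename(path: str) -> str:
    """Lower-cased file name from a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def classify(event: dict):
    """Return (severity, reason) for one event, or None if it looks benign."""
    parent, child = basename(event["parent"]), basename(event["image"])
    if parent not in OFFICE_APPS or child not in SHELLS:
        return None
    if EVASION_FLAGS.search(event["cmdline"]):
        return ("high", f"{parent} spawned {child} with hidden/encoded flags")
    return ("medium", f"{parent} spawned {child}")

def detect(events):
    """Run the rule over a batch of events; returns a list of (severity, reason)."""
    return [hit for hit in (classify(e) for e in events) if hit]

if __name__ == "__main__":
    for severity, reason in detect(SAMPLE_EVENTS):
        print(severity.upper(), reason)
```

The medium-severity path is deliberately kept: an Office process launching a shell at all is rare enough on most endpoints to merit a ticket, and the flag check only decides how loudly to alert.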
The potential attack surface for the vulnerability is extensive given the widespread utilization of Microsoft Office and related products.
Follina appears to affect Office 2013, 2016, 2019, 2021, Office ProPlus, and Office 365, according to current analysis, and as of Tuesday the US Cybersecurity and Infrastructure Security Agency was advising system administrators to follow Microsoft's recommendations for mitigating exploitation.