June 8, 2022, updated 05 Aug 2022 7:28am

Chinese hackers are breaching telecoms networks through vulnerable equipment

US cybercrime agencies have issued a rare joint advisory warning of the perils of unsecured network devices.

By Claudia Glover

Chinese hackers are exploiting vulnerabilities in network devices to harvest data and steal credentials from telecoms companies and their customers, US cybercrime agencies have warned.

A joint advisory from CISA, the FBI and NSA has warned about Chinese hackers infiltrating telecoms networks. (Photo by Liderina/iStock)

In a rare joint advisory, the US government cybersecurity agency CISA, the National Security Agency (NSA) and the FBI said unpatched network devices and routers appear to present “a series of high-severity vulnerabilities” that have been exploited by Chinese government-backed hackers to access “vulnerable infrastructure”. These devices are often overlooked by routine cybersecurity precautions, the notice warns.

Devices manufactured by companies including Cisco, Citrix and Netgear are among those vulnerable, the notice says. These cover equipment ranging from small and home office routers to equipment deployed in enterprise networks.

How are Chinese hackers targeting network infrastructure?

Chinese hackers have been trying to take advantage of these vulnerabilities since 2020, the notice says. They scan individual pieces of equipment for vulnerabilities, which they can then use to gain access to wider telecoms infrastructure or related corporate networks, stealing log-in credentials or accessing other information.

“Upon gaining an initial foothold into a telecommunications organisation or network service provider, [Chinese] state-sponsored cyber actors have identified critical users and infrastructure including systems critical to maintaining the security of authentication, authorisation, and accounting,” the advisory says.

This potentially gives the criminals the opportunity to steal more information. “Access to telecommunication networks allows more extensive attacks to be elevated from the compromised platform,” says Jake Moore, global cybersecurity adviser at ESET. “Once on board, attackers can target other networks and cause serious damage. Advanced persistent threat groups are increasing in power and sophistication and such targets remain under fire, acting as a hub of potential lines of further attack.”

Network devices are often left unpatched

The advisory recommends that organisations patch their devices and software as soon as possible after updates are released, as well as using other security tactics such as multi-factor authentication (MFA) and data back-ups. “Bolstering log on methods to include more robust MFA helps reduce this risk,” Moore agrees.


Updates to networking devices deployed in the field are often overlooked, causing heightened security risks. This is being addressed in the UK through the Product Security and Telecommunications Infrastructure bill, announced by the government last month as part of the Queen’s speech. It will confer new responsibilities on manufacturers of connected devices such as routers and IoT systems, outlawing the use of default passwords, specifying how long security updates will be provided after the device is launched, and mandating disclosure of known vulnerabilities.

“The three key requirements being brought in seem obvious to many in the security industry, but very few manufacturers have chosen to voluntarily follow these recommendations as the consequences have only ever impacted customers or users, never themselves,” said James Bore, security specialist and director of the Bores Group.
