Feds Say Chinese Hacking Groups Compromised Significant Telecom and Network Providers
International op took down SSNDOB marketplace, MongoDB adds Queryable Encryption, U.S. government has been tracking international tourists, Actors stole $113 million from DEX exchange, more
In a joint advisory, the NSA, CISA, and the FBI said that Chinese hacking groups have targeted and compromised significant telecommunications companies and network service providers to steal credentials and harvest data.
The groups have exploited publicly known vulnerabilities to breach unpatched small office/home office (SOHO) routers, medium and large enterprise networks, and other targeted devices. The threat actors then used the compromised devices as part of their attack infrastructure, operating them as command-and-control servers and as proxy systems for breaching more networks.
After gaining a foothold in the telecom or network service providers, the threat actors stole credentials to access underlying SQL databases and used SQL commands to dump user and admin credentials from critical Remote Authentication Dial-In User Service (RADIUS) servers. The agencies provided a list …