Beijing-backed hackers breach ‘major telecommunications companies,’ authorities warn

Hackers backed by China are successfully targeting U.S. telecommunications companies in major breaches, the federal Cybersecurity and Infrastructure Security Agency (CISA) warned on Tuesday.

The FBI, National Security Agency (NSA) and CISA said in an advisory that hackers affiliated with the People’s Republic of China (PRC) have targeted and compromised “major telecommunications companies” through known, easily exploited network and system vulnerabilities.

The PRC has waged a successful cyber campaign against telecommunications networks since at least 2020, the federal agencies announced in a Tuesday press release.

“Exploiting these vulnerabilities has allowed them to establish broad infrastructure networks to exploit a wide range of public and private sector targets,” the release reads.

Along with Russia, China is one of the most lethal and dangerous actors in cyberspace. In a CrowdStrike report released last year, researchers said a threat group likely linked to China known as “LightBasin” has targeted global telecommunications companies since at least 2016.

CrowdStrike explained that in the past two years alone, at least 13 telecommunications groups were successfully compromised in breaches likely sponsored by China.

In August, hackers successfully breached telecom giant T-Mobile, stealing data from 40 million customers, the company said. Syniverse, a company used by major global telecommunications companies to route messages, also said last year that hackers had quietly exploited its network system for years.

The state-sponsored Chinese hackers appear to be exploiting open-source router software and network devices manufactured by companies such as Cisco, Fortinet and MikroTik, according to the advisory. Once those devices are compromised, the hackers gain a foothold from which they can scan IP addresses and push further into systems to reach data or stage additional breaches.

Rob Joyce, the cybersecurity director at the NSA, said hackers were using compromised telecommunications networks to scale up more sophisticated cyberattacks.

“To kick them out, we must understand the tradecraft and detect them beyond just initial access,” Joyce tweeted on Tuesday.

In the advisory, the federal agencies recommended several mitigation strategies to combat the intrusions, including patching systems as soon as possible, disabling unnecessary ports and protocols, and replacing outdated infrastructure.