Several US government agencies alerted on June 7 to the presence of numerous flaws in routers that could be exploited by hackers in the pay of the Chinese government. These security breaches would provide hackers with the ability to spy on users.
Legacy vulnerabilities used
It was in a report published in early June that the National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI raised their fears. The targets of these potential cyberattacks? Telecommunications companies and network service providers in order to intercept and manipulate their network flows.
Data protection: the CNIL alerts the European authorities about a new law
The hackers, commissioned by Beijing, would have recourse to one of the 16 uncorrected flaws of routers from brands such as Fortinet, MikroTik, Netgear, Zyxel or even Cisco. These vulnerabilities had already been reported between 2018 and 2020. Several patches to address them are now available.
In order to limit the risk of hacking, the American authorities are calling companies to apply patches as soon as possible, disable unnecessary ports and protocols, and replace end-of-life network infrastructure “.
What is the method used by hackers?
The hackers commissioned by Beijing would use open source tools such as RouterScan and RouterSploit to achieve their ends. They spot vulnerable devices using these freely available resources. According to the NSA, the affected equipment will ” from small office or home routers to medium and large business networks “.
Their goal is to compromise a RADIUS authentication server, a protocol that centralizes authentication data to recover administrator account passwords. Once obtained, hackers use Secure Shell software to access routers and siphon off their technical configurations. This information will allow them to learn more about the networks of their targets in order to manipulate traffic and prepare for future attacks.
This is not the first time that the Chinese government has been suspected of being behind cyberattacks of such magnitude. At the beginning of May, the cybersecurity company Cybereason revealed the existence of a cyberespionage campaign launched by Beijing, the aim of which was to steal intellectual property. The Middle Kingdom pirates had been working in the shadows for more than 3 years without anyone noticing. In February, the FBI estimated that China was behind the majority of cyberattacks against the United States.