Category | Details |
---|---|
Threat Actors | Chinese state-sponsored hackers (Salt Typhoon campaign). |
Campaign Overview | Breached multiple US telecom companies, targeting high-level network management and monitoring network traffic. |
Target Regions (Or Victims) | US telecommunications companies: Charter Communications, Consolidated Communications, Windstream, AT&T, Verizon, T-Mobile, Lumen Technologies. |
Methodology | Exploitation of vulnerabilities in Fortinet and Cisco network devices; compromised accounts lacking multi-factor authentication. |
Product Targeted | Telecom network infrastructure, routers, and high-level network management accounts. |
Malware Reference | No specific malware identified; focus on exploitation of network device vulnerabilities and espionage. |
Tools Used | Exploited vulnerabilities in Fortinet and Cisco devices; used compromised accounts for access and control. |
Vulnerabilities Exploited | Weak or absent multi-factor authentication and device vulnerabilities in Fortinet and Cisco. |
TTPs | Network infiltration, control of high-level accounts, monitoring of traffic, and obfuscation of activities. |
Attribution | Chinese state-sponsored hacking groups (Salt Typhoon). |
Recommendations | Patch and upgrade apps/devices, implement multi-factor authentication, limit privileged account access, use strong encryption, follow FBI and NSA guidelines. |
Source | Hackread |

Read full article: https://hackread.com/us-telecom-breaches-firms-chinese-salt-typhoon-hackers/

The above summary has been generated by an AI language model.