The Canadian cybersecurity agency has issued a warning about the increasing cyber threats posed by Chinese hackers, particularly targeting misconfigured and unpatched edge devices. The Canadian Center for Cybersecurity has observed a rise in malicious cyber activity from China-linked hackers, including a group known as Salt Typhoon, which has exploited known vulnerabilities in networking equipment to gain access to telecommunications networks in the U.S. and other countries.
According to the agency, Chinese hackers have been targeting network edge routers, and the agency has urged the Canadian cybersecurity community to be more vigilant about this threat. The agency did not provide specific details about the vulnerabilities being exploited but highlighted the risk posed to exposed edge devices, which can be easily detected by mass scanning.
It is emphasized that sensitive or administrative services on these devices are of particular interest to adversaries seeking to exploit edge routers. Chinese hackers, including groups like Salt Typhoon, are part of a larger state-backed effort to gain access to critical infrastructure in Western countries, particularly in the telecommunications sector.
The Canadian agency also pointed out that hackers often target devices running on default security settings, such as insecure ports or protocols, and those that are not regularly updated. Companies that do not deploy adequate network segmentation or access control measures are at greater risk of being targeted by hackers looking to move laterally within their networks.
Once compromised, Chinese hackers have been observed altering configuration files within these devices to enable traffic forwarding and create new administrative accounts. They have also been stealing configuration files to access sensitive information, identify more vulnerabilities, and extract outdated hashing and password types to gain further access.
To mitigate the risk of compromise by Chinese hackers, the Canadian agency has recommended several measures that companies can take, including disabling insecure protocols, limiting access to network management systems, using modern encryption standards, and maintaining centralized logging with off-site storage.
In addition, the agency advised against using weak passwords, such as vendor-assigned default credentials or those exposed in data breaches, and encouraged the use of unique credentials across different systems.
Overall, the Canadian cybersecurity agency’s warning underscores the importance of strengthening defenses against rising Chinese cyber threats, particularly targeting edge devices. By implementing the recommended security measures and staying vigilant, organizations can better protect themselves against these evolving cyber risks.