Beijing-backed baddies target unpatched networking kit to attack telcos

From theregister.com

State-sponsored Chinese attackers are actively exploiting old vulnerabilities to “establish a broad network of compromised infrastructure” then using it to attack telcos and network services providers.

So say the United States National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), and Federal Bureau of Investigation (FBI), which took the unusual step of issuing a joint advisory that warns allied governments, critical infrastructure operators, and private industry organizations to hurry up and fix their IT estates.

The advisory states that network devices are the target of this campaign and lists 16 flaws – some dating back to 2017 and none more recent than April 2021 – that the three agencies rate as the most frequently exploited.

Read more…