Chinese hackers breach 'major' telecoms firms, US says

"These devices are often overlooked by cyber defenders, who struggle to maintain and keep pace with routine software patching of Internet-facing services and endpoint devices," says the advisory from the FBI, the National Security Agency and US Cybersecurity and Infrastructure Security Agency.



The agencies' statement did not identify the victims of the hacking; the advisory was aimed at defensive measures to help organizations running the devices made by Cisco, Fortinet and other vendors, shore up their networks.

"To kick [the Chinese hackers] out, we must understand the tradecraft and detect them beyond just initial access," tweeted Rob Joyce, an official who has spent decades at the NSA and who is well respected in the cybersecurity community.

The Chinese government routinely denies hacking allegations.

It's the latest in a series of public warnings from US cybersecurity officials to try to blunt the impact of foreign operatives' efforts to infiltrate key computer networks and harvest data for spying or other purposes. As is often the case, the attackers are using vulnerabilities in software that are already known, meaning a fix is available, rather than a fancy hacking exploit that hasn't been discovered.

China "conducts more cyber intrusions than all other nations in the world combined," FBI Deputy Director Paul Abbate alleged in an April speech.

Hacking allegations have been a significant source of friction in the US-China relationship, with President Joe Biden raising the issue on a call with Chinese President Xi Jinping in September. US officials were particularly vexed by an alleged Chinese hacking campaign last year that exposed vulnerabilities in thousands of organizations around the world running popular Microsoft software. Beijing denied the allegations.

But analysts say US efforts to confront China about its alleged cyber campaigns are more complicated than doing so with Russia, due to how deeply intertwined the US and Chinese economies are.