
Cyber attackers with links to China are successfully breaching network security systems, causing concern among officials

Malicious actors linked to China are successfully breaching network security equipment, causing anxiety among authorities.

Chinese espionage entities are extensively leveraging previously unknown, unpatched security flaws (zero-days), predominantly on devices that lack endpoint security measures such as detection and response systems, according to one expert's statement.

In the ever-evolving landscape of cybersecurity, a significant concern has arisen for agencies responsible for cybersecurity and infrastructure protection: the threat posed by China-linked attackers. These threats keep experts awake at night, as they pose a substantial risk to critical infrastructure organizations.

One of the key issues is that administrators generally cannot log into network security devices such as routers, firewalls, VPNs, and VMware hypervisors, inspect the operating system command line, or see which files and processes are running on the system. This visibility gap means that victim organizations rarely discover that a malicious actor has compromised their devices and deployed malware.

To counteract this, current strategies revolve around implementing multi-layered defenses, zero-trust architecture, continuous monitoring, and rapid patching combined with advanced threat detection.

One of the key approaches is the zero-trust architecture, which assumes no device or user is trustworthy by default. Continuous verification of identities, application of least privilege access policies, micro-segmentation, and strict access controls are used to reduce the attack surface and prevent lateral movement if a breach occurs.

Multi-layered security combines physical security, network security, cloud security, and strict patch management. Multi-factor authentication and role-based access control are used to harden device and user authentication.

Continuous network security monitoring employs sophisticated AI-powered tools for real-time detection of anomalies such as suspicious device behavior, unpatched software, or insider threats. Automated continuous monitoring accelerates breach detection and mitigation.

Incident response planning defines and regularly tests clear procedures for detection, containment, recovery, and communication in case of zero-day exploit incidents. This includes drill exercises to ensure readiness.

Asset discovery and passive network traffic analysis explicitly identify and fingerprint all network devices, then use passive monitoring to detect anomalies or unauthorized devices without affecting network operations. This helps attribute malicious activity and limits the spread of intrusions.

Rapid patch management and vulnerability mitigation are crucial, even though zero-days by definition avoid patches initially. Organizations must maintain swift patching workflows for all known vulnerabilities and apply compensating controls to reduce risk windows.

Enhanced authentication and encryption are also essential, especially for new network technologies like 5G, to secure data transmissions and device access.

For VMware hypervisors, continuous monitoring for suspicious kernel behavior or privilege escalations, and segmenting management interfaces to restrict access, are particularly important.
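The two controls described above, passive discovery of unknown devices and restricting management interfaces to a dedicated admin segment, can be checked from flow records that a network tap or flow exporter already produces, without touching the edge devices themselves. The following is an added example, not code from the article or from any vendor it mentions. The device inventory, the management subnet (10.0.2.0/24), the management ports, the record format and the sample flow lines are all constructed for this illustration.

```python
"""Passive asset inventory and management-plane access check over flow records.

Added example (not from the article). Everything below is constructed sample
data: the known-device inventory, the admin segment, and the flow lines.
"""
import ipaddress
from dataclasses import dataclass

# Constructed inventory: edge devices whose management plane must only be
# reached from the admin segment (hypothetical names and addresses).
EDGE_DEVICES = {
    "10.0.0.1": "firewall-edge-1",
    "10.0.0.2": "vpn-gateway-1",
    "10.0.0.10": "esxi-host-1",  # hypervisor management interface
}
# All devices the organization has fingerprinted and approved (constructed).
KNOWN_HOSTS = set(EDGE_DEVICES) | {"10.0.1.20", "10.0.1.21", "10.0.2.5"}
# Assumed dedicated admin/management segment.
MGMT_NET = ipaddress.ip_network("10.0.2.0/24")
# Ports treated as management-plane: SSH, HTTPS admin UIs, ESXi host agent.
MGMT_PORTS = {22, 443, 8443, 902}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    proto: str


def parse_flow(line: str) -> Flow:
    """Parse one constructed record: 'src=A dst=B dport=N proto=tcp'."""
    fields = dict(kv.split("=", 1) for kv in line.split())
    return Flow(fields["src"], fields["dst"], int(fields["dport"]), fields["proto"])


def analyse(lines):
    """Return (kind, subject, raw_line) alerts for unknown devices and for
    management-plane access to an edge device from outside MGMT_NET."""
    reported_unknown = set()
    alerts = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        f = parse_flow(line)
        # Passive discovery: any address not in the inventory is reported once.
        for host in (f.src, f.dst):
            if host not in KNOWN_HOSTS and host not in reported_unknown:
                reported_unknown.add(host)
                alerts.append(("unknown-device", host, line))
        # Segmentation check: management ports on edge devices must only be
        # reached from the admin segment.
        if (f.dst in EDGE_DEVICES and f.dport in MGMT_PORTS
                and ipaddress.ip_address(f.src) not in MGMT_NET):
            subject = f"{f.src}->{EDGE_DEVICES[f.dst]}:{f.dport}"
            alerts.append(("mgmt-access-outside-admin-segment", subject, line))
    return alerts


# Constructed sample flows: one legitimate admin login, one user-segment
# host hitting the VPN gateway admin UI, and an unknown host reaching ESXi SSH.
SAMPLE_FLOWS = """
src=10.0.2.5 dst=10.0.0.1 dport=443 proto=tcp
src=10.0.1.20 dst=10.0.0.2 dport=443 proto=tcp
src=10.0.1.21 dst=10.0.0.1 dport=80 proto=tcp
src=10.0.3.77 dst=10.0.0.10 dport=22 proto=tcp
src=10.0.1.20 dst=10.0.1.21 dport=445 proto=tcp
""".strip().splitlines()

if __name__ == "__main__":
    for kind, subject, raw in analyse(SAMPLE_FLOWS):
        print(f"{kind:36} {subject:40} <- {raw}")
```

Run against the constructed sample, the script reports three findings: the user-segment host 10.0.1.20 reaching the VPN gateway's HTTPS admin port, the never-inventoried host 10.0.3.77, and that same host opening SSH to the hypervisor management interface. The legitimate admin login from 10.0.2.5 and ordinary user-to-user traffic produce nothing. In practice the inventory and admin segment would come from the organization's asset database rather than constants, and the flow lines from a tap or flow collector.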

Intrusions by state-sponsored threat groups like Volt Typhoon and other China-linked groups are part of an extensive effort to prepare for future attacks. These groups are researching and exploiting the largest number of zero-day vulnerabilities, and their cyberattack capability is immense and growing, according to Wales.

Volt Typhoon has already embedded itself inside the systems of multiple critical infrastructure organizations using living-off-the-land techniques. These undetected intrusions allow attackers to maintain long-term access within a victim environment.

The threat from China-linked attackers is driving action at the government level due to their intention to cause systemic harm to the U.S. During visits to critical infrastructure organizations, CISA found that China-linked attackers often gain access through vulnerable edge devices on the networks of these organizations.

In these critical times, it is crucial to make products harder to attack and easier to secure, and to make it easier for critical infrastructure organizations to secure themselves, as emphasized by Wales.

  1. To strengthen network security, the implementation of zero-trust architecture is proposed, which assumes no device or user is trustworthy by default, enforcing continuous verification of identities, least privilege access policies, micro-segmentation, and strict access controls.
  2. As part of the multi-layered security approach, enhanced authentication and encryption are essential, especially for new network technologies like 5G, to secure data transmissions and device access.
  3. In the case of VMware hypervisors, continuous monitoring for suspicious kernel behavior or privilege escalations, combined with segmenting management interfaces to restrict access, is particularly important for cybersecurity.
  4. In the ongoing battle against cyber threats, continuous network security monitoring relies on threat intelligence and advanced AI-powered tools for real-time detection of anomalies such as suspicious device behavior, unpatched software, or insider threats.
