The campaign’s success is a dramatic illustration of the danger software flaws pose even years after they’re discovered and made public. Zero-day attacks—hacks exploiting previously unknown weaknesses—pack a punch and demand attention. But known flaws remain potent because networks and devices can be difficult to update and secure with limited resources, personnel, and money.
Rob Joyce, a senior National Security Agency official, explained that the advisory was meant to give step-by-step instructions on finding and expelling the hackers. “To kick [the Chinese hackers] out, we must understand the tradecraft and detect them beyond just initial access,” he tweeted.
Joyce echoed the advisory, which directed telecom firms to enact basic cybersecurity practices like keeping key systems up to date, enabling multifactor authentication, and reducing the exposure of internal networks to the internet.
According to the advisory, the Chinese espionage typically began with the hackers using open-source scanning tools like RouterSploit and RouterScan to survey the target networks and learn the makes, models, versions, and known vulnerabilities of the routers and networking devices.
With that knowledge, the hackers were able to use old but unfixed vulnerabilities to access the network and, from there, break into the servers providing authentication and identification for targeted organizations. They stole usernames and passwords, reconfigured routers, and successfully exfiltrated the targeted network’s traffic and copied it to their own machines. With these tactics, they were able to spy on virtually everything going on inside the organizations.
The hackers then turned around and deleted log files on every machine they touched in an attempt to destroy evidence of the attack. US officials didn’t explain how they ultimately found out about the hacks despite the attackers’ attempts to cover their tracks.
The Americans also omitted details on exactly which hacking groups they are accusing, as well as the evidence they have that indicates the Chinese government is responsible.
The advisory is yet another alarm the United States has raised about China. FBI deputy director Paul Abbate said in a recent speech that China “conducts more cyber intrusions than all other nations in the world combined.” The Chinese government routinely denies that it engages in any hacking campaigns against other countries. The Chinese embassy in Washington, DC, did not respond to a request for comment.