“[T]hese devices are often overlooked by cyber defenders, who struggle to maintain and keep pace with routine software patching of Internet-facing services and endpoint devices,” says the advisory from the FBI, the National Security Agency and US Cybersecurity and Infrastructure Security Agency.
The agencies’ statement did not identify the victims of the hacking; the advisory was aimed at defensive measures to help organizations running the devices made by Cisco, Fortinet and other vendors, shore up their networks.
The Chinese government routinely denies hacking allegations.
It’s the latest in a series of public warnings from US cybersecurity officials to try to blunt the impact of foreign operatives’ efforts to infiltrate key computer networks and harvest data for spying or other purposes. As is often the case, the attackers are using vulnerabilities in software that are already known, meaning a fix is available, rather than a fancy hacking exploit that hasn’t been discovered.
China “conducts more cyber intrusions than all other nations in the world combined,” FBI Deputy Director Paul Abbate alleged in an April speech.
But analysts say US efforts to confront China about its alleged cyber campaigns are more complicated than doing so with Russia, due to how deeply intertwined the US and Chinese economies are.