13 Nations Accuse Chinese Tech Firms of Global Cyber-Espionage on Critical Infrastructure

August 27, 2025
  • Despite efforts by telecom companies to remove intruders, Chinese hackers often disable logging and clear logs to conceal their activities, making detection challenging.

  • The campaign exploits common vulnerabilities rather than zero-day exploits, highlighting the importance of timely patching, proactive threat hunting, and securing edge devices.

  • Intelligence and cybersecurity agencies from 13 countries have issued an advisory blaming three Chinese tech companies for a widespread cyber-espionage campaign targeting global critical infrastructure, including telecommunications and government networks.

  • The hackers primarily target large backbone routers of major telecom providers, exploiting known vulnerabilities in devices from vendors such as Cisco, Ivanti, and Palo Alto, to maintain persistent access and move laterally within networks.

  • Their tactics include exploiting vulnerabilities, tampering with network configurations, creating tunnels, and modifying routing tables, often using protocols like SSH and TACACS+ to deepen access and evade detection.

  • Threat actors often protect their access by compromising administrator accounts and monitoring for detection signs, complicating incident response efforts.

  • Cybersecurity professionals are encouraged to review advisories to understand ongoing threats and improve defensive measures.

  • Security agencies recommend immediate mitigation actions, including patching vulnerabilities, securing edge infrastructure, disabling legacy features, and monitoring for unauthorized network changes.

  • Organizations should report suspicious activities, implement security strategies, and prioritize defending critical infrastructure against these persistent Chinese cyber espionage operations.

  • The campaign has targeted sensitive information, including call records of U.S. officials and political figures, raising concerns about election interference and privacy breaches.

  • Mitigation strategies emphasize network hardening, such as disabling unused ports, management-plane isolation, enforcing strong credentials, and replacing legacy protocols with secure alternatives.

  • Organizations are advised to conduct comprehensive incident response, continuous monitoring, red-teaming, and full network remediation to defend against ongoing threats.
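Several of the points above (disabled logging, new tunnels, modified routing tables, extra TACACS+ servers, and the recommendation to monitor for unauthorized network changes) come down to one defensive check: diffing a device's current configuration against a known-good baseline and flagging the categories of change the advisory describes. The following is an added example, not code from the advisory or from any vendor or agency; the two IOS-style configurations are constructed for illustration and the pattern table is a hypothetical starting point rather than a complete signature set.

```python
"""
Flag security-relevant drift between a baseline and a current router config.
Added example (not from the advisory); config text below is constructed.
"""
import re

# Constructed baseline: the last known-good configuration of a backbone router.
BASELINE = """\
hostname core-rtr-1
logging host 10.0.0.5
logging trap informational
aaa new-model
tacacs server auth1
 address ipv4 10.0.0.9
ip route 0.0.0.0 0.0.0.0 192.0.2.1
line vty 0 4
 transport input ssh
"""

# Constructed "current" configuration showing the kinds of tampering the
# summary lists: logging switched off, a new tunnel, an added static route,
# an extra TACACS+ server, and telnet re-enabled on the VTY lines.
CURRENT = """\
hostname core-rtr-1
no logging on
aaa new-model
tacacs server auth1
 address ipv4 10.0.0.9
tacacs server auth2
 address ipv4 198.51.100.77
interface Tunnel100
 ip address 10.99.0.1 255.255.255.252
 tunnel destination 198.51.100.77
ip route 0.0.0.0 0.0.0.0 192.0.2.1
ip route 10.20.0.0 255.255.0.0 10.99.0.2
line vty 0 4
 transport input telnet ssh
"""

# Hypothetical watch list: regex (applied to the lowercased, stripped line)
# mapped to the tactic category it indicates. Order matters: first match wins.
WATCH = {
    r"^no logging": "logging disabled",
    r"^logging ": "logging changed",
    r"^interface tunnel": "tunnel interface",
    r"^tunnel ": "tunnel parameters",
    r"^ip route ": "static route",
    r"^tacacs": "AAA server",
    r"^transport input .*telnet": "telnet enabled",
}

def parse(config: str) -> set:
    """Return the set of non-empty, non-comment config lines, indentation stripped."""
    lines = set()
    for raw in config.splitlines():
        line = raw.strip()
        if line and not line.startswith("!"):
            lines.add(line)
    return lines

def classify(line: str):
    """Return the tactic category for a line, or None if it is not watched."""
    low = line.lower()
    for pattern, tag in WATCH.items():
        if re.search(pattern, low):
            return tag
    return None

def drift(baseline: str, current: str) -> dict:
    """Compare two configs and return watched lines that were added or removed."""
    base, cur = parse(baseline), parse(current)
    findings = {"added": [], "removed": []}
    for line in sorted(cur - base):
        tag = classify(line)
        if tag:
            findings["added"].append((tag, line))
    for line in sorted(base - cur):
        tag = classify(line)
        if tag:
            findings["removed"].append((tag, line))
    return findings

if __name__ == "__main__":
    report = drift(BASELINE, CURRENT)
    for direction in ("added", "removed"):
        for tag, line in report[direction]:
            print(f"{direction:7s} [{tag}] {line}")
```

A set-based diff ignores reordering and only reports lines whose content changed, which keeps the output small enough to review on every scheduled config pull; the useful part is the category tag, since "logging disabled" or "tunnel interface" added to a backbone router by nobody on the change calendar is exactly the signal the advisory asks operators to look for.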

Summary based on 50 sources

