Chinese Cyberhackers targeting Cisco gear!

SCWorld.com reported that “A notorious state-sponsored Chinese hacking crew has set its sights on U.S. telecommunications companies. Known as RedMike, the well-known group has defied law enforcement efforts to cripple its back-end and halt its cyberattacks. This latest round of attacks target known flaws in Cisco devices.” The February 13, 2025 article entitled “China’s RedMike hackers taking aim at telcos via flaws in Cisco gear” (https://tinyurl.com/mr649ww9) included these comments:

According to the researchers, the attackers have been taking aim at Cisco IOS XE appliances. The exploits target a pair of known vulnerabilities: CVE-2023-20198 and CVE-2023-2027.

Both flaws are elevation of privilege vulnerabilities that, if exploited, would allow the attackers to take administrator control over the devices.

While network appliances might not seem like a particularly valuable target for attackers, they provide a valuable foothold for advanced persistent threat actors (APT) seeking to get further into an organization’s internal network.

“Overall, throughout their campaigns, the adversary has shown not only an in-depth understanding of the targeted environments, including the continuous identification of exposed layers for potential reentry, but also a multi-layered attack strategy, using a combination of known tools and custom backdoors that is difficult to detect and mitigate,” noted researchers with security provider NCC Group.

In this case it is believed that the RedMike crew is taking a two-pronged approach. The hackers are trying to get into databases and servers holding valuable intellectual property and research data from the targeted organizations, as well as espionage positions in telcos.

No surprise here, but bad news for Cisco products!
