As China conducted threatening aerial intercepts in the skies this week, the Cybersecurity and Infrastructure Security Agency (CISA) issued a new report warning Chinese government-linked hackers are exploiting public and private entities to build a vast global network of compromised infrastructure.
In a report about the CISA dispatch, the Washington Times’ Bill Gertz writes “Chinese hackers have been using a system of pirated networks to attack a wide variety of targets worldwide, including telecommunications companies and network service providers, since 2020.” His report points to other cyber attacks by the Chinese, like the 2015 theft of sensitive records from the White House Office of Personnel Management; the 2017 the Equifax attack, and the more recent attacks on six state government networks.
The report, issued by CISA, NSA and FBI specifically warned how the attacks are targeting small office and home office network equipment as part of their “widespread” campaign to target common vulnerabilities and exposures (CVEs), private networks or public facing applications. It cites some targeted equipment vendors Cisco, Fortinet, Netgear and MikroTik.
The report is new, but the risk from Chinese technology in homes, businesses and government agencies and infrastructure is not. CTT has closely documented how technology equipment made by Lenovo and Lexmark, both affiliated with the Chinese government and both restricted by federal agencies yet still used by state governments, put America at risk.
Lenovo’s use of spyware resulted in a multimillion dollar settlement with the Federal Trade Commission in 2017 and its finger-printing scanning software exposed sensitive information of users. The National Vulnerabilities Database lists 20 cyber vulnerabilities for various Lexmark printers, such as saving and transmitting network access credentials.
Policymakers are starting to catch up. In an interview with CTT, New York representative Claudia Tenney specifically called out Lenovo and Lexmark. Georgia State Representative Martin Momtahan led an effort to restrict the purchase of such technology in his state and told CTT he is working to held other states do the same. use of such sensitive technologies
In the skies, in our networks and through backdoors in our hardware, Amercia’s economic and national security is at risk. We know where the threats persist and must use all of our levers – from export controls, to restricting state procurement, expanding the Entity List there is more the US can and should be doing.