Close Menu
Edu Expertise Hub
    Facebook X (Twitter) Instagram
    Tuesday, July 8
    • About us
    • Contact
    • Submit Coupon
    Facebook X (Twitter) Instagram YouTube
    Edu Expertise Hub
    • Home
    • Udemy Coupons
    • Best Online Courses and Software Tools
      • Business & Investment
      • Computers & Internet
      • eBusiness and eMarketing
    • Reviews
    • Jobs
    • Latest News
    • Blog
    • Videos
    Edu Expertise Hub
    Home » Latest News » US updates telco security guidance after mass Chinese hack
    Latest News

    US updates telco security guidance after mass Chinese hack

    TeamBy TeamDecember 4, 2024No Comments4 Mins Read0 Views
    Facebook Twitter Pinterest LinkedIn Telegram Tumblr Email
    US updates telco security guidance after mass Chinese hack
    Share
    Facebook Twitter LinkedIn Pinterest Email


    The United States’ Cybersecurity and Infrastructure Security Agency (CISA), alongside the National Security Agency (NSA), the FBI, and cyber agencies from Australia, Canada and New Zealand have published a joint security guide for communications services providers (CSPs) in the wake of a series of China-backed incursions on major US telcos.

    Initially reported in October, and confirmed last month, the incidents saw household names including AT&T and Verizon attacked by an advanced persistent threat (APT) group tracked as Salt Typhoon.

    The audacious campaign saw Salt Typhoon operatives break into their targets’ systems and then went on to steal customer call record data. The group was able to compromise the private communications of a number of unnamed individuals “primarily involved in government or political activity”, and also copied some data that was subject to US law enforcement requests pursuant to court orders.

    According to the Wall Street Journal, which first broke the story, Salt Typhoon may have been actively harvesting data from its victims for a period of several months.

    The new guide sets out a number of actions that defenders working in the communications sector should be taking to identify strange behaviour, root out vulnerabilities and threats, and respond to cyber incidents. It also provides guidance on how to reduce their exposure to vulnerabilities, improve secure configuration habits, and cut down the number of likely entry points.

    “The PRC-affiliated cyber activity poses a serious threat to critical infrastructure, government agencies, and businesses. This guide will help telecommunications and other organizations detect and prevent compromises by the PRC and other cyber actors,” said CISA executive assistant director for cyber security, Jeff Greene.

    “Along with our US and international partners, we urge software manufacturers to incorporate Secure-by-Design principles into their development lifecycle to strengthen the security posture of their customers. Software manufacturers should review our Secure by Design resources and put their principles into practice.”

    Bryan Vorndran, assistant director at the FBI Cyber Division, added: “Threat actors affiliated with the People’s Republic of China (PRC) … have targeted commercial telecommunications providers to compromise sensitive data and engage in cyber espionage.

    “We strongly encourage organisations to review and implement the recommended measures in this guide and to report suspicious activity to their local FBI field office.”

    “These hacks are a reminder that … domestic communications infrastructure is critical to our national security,” said Tim Perry, head of strategy at Prepared, a US-based supplier of assistive technology to emergency call handlers and first responders.

    “State actors have the resources and the motivation to exploit our network vulnerabilities, quietly infiltrate our communications networks and collect our most sensitive data. That’s why local, state and federal law enforcement agencies – whether they are running wiretaps, supporting law enforcement sensitive operational communications or just administering their local 911 system – must remain up to date on the latest cyber threats.”

    Advice for network engineers

    The full guidance, which can be accessed via the CISA website, is also highly pertinent to any organisation running on-premise enterprise equipment, particularly operators of critical national infrastructure (CNI), which should be implementing it as a matter of course.

    Besides those tasked with defending communications networks, it sets out steps that network engineers who may not necessarily be steeped in cyber security best practice could, and should, take.

    These include scrutinising and investigating any strange configuration modifications or alterations to devices such as switches, routers or firewalls, inventorising these devices, implementing network flow monitoring, limiting exposure of management traffic to the public internet, monitoring user and service account logins for anomalies, and implementing secure, centralised logging.

    Engineers may also wish to set up an out-of-band management network physically separated from the operational data flow network, implementing access control lists (ACLs), deploy stronger network segmentation with router ACLs, stateful packet inspection and the like, harden and secure virtual private network (VPN) gateways, implement end-to-end encryption, and much more.

    It also includes guidance specific to a number of Cisco-specific features known to have been exploited by Salt Typhoon, including applying hardening best practice to all Cisco operating systems, such as IOS XE and NX-OS.

    This post is exclusively published on eduexpertisehub.com

    Source link

    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
    Team

      Related Posts

      Post Office inquiry chair ‘cannot rule out’ scandal caused 13 suicides

      July 8, 2025

      Dual Enrollment Unpacked [Podcast] | EdSurge News

      July 8, 2025

      How our district turned a sea of data into a compass for change

      July 7, 2025

      Fine-tuning to deliver business AI value

      July 7, 2025

      How Teachers Are Making Computer Science Click

      July 6, 2025

      The AI arms race begins at age 4

      July 6, 2025
      Courses and Software Tools

      Extreme Privacy: What It Takes to Disappear

      August 24, 202455 Views

      Modern C++ Programming Cookbook: Master Modern C++ with comprehensive solutions for C++23 and all previous standards

      September 18, 202427 Views

      Meebook E-Reader M7 | 6.8′ Eink Carta Screen | 300PPI Smart Light | Android 11 | Ouad Core Processor | Out Speaker | Support Google Play Store | 3GB+32GB Storage | Micro-SD Slot | Gray

      August 19, 202422 Views

      HR from the Outside In: Six Competencies for the Future of Human Resources

      May 20, 202517 Views

      Coders at Work: Reflections on the Craft of Programming

      April 19, 202516 Views
      Reviews

      Giving You the Skills to Mold Your Career in Digital Marketing | Digital marketing Course |

      July 8, 2025

      Post Office inquiry chair ‘cannot rule out’ scandal caused 13 suicides

      July 8, 2025

      Microsoft Excel Associate MO-200 Certification: Test | Udemy Coupons 2025

      July 8, 2025

      Associate Editorial Graphics Producer

      July 8, 2025

      The Best Free Python Tutorial- Part 6 of 6 | Udemy Coupons 2025

      July 8, 2025
      Stay In Touch
      • Facebook
      • YouTube
      • TikTok
      • WhatsApp
      • Twitter
      • Instagram
      Latest News

      Post Office inquiry chair ‘cannot rule out’ scandal caused 13 suicides

      July 8, 2025

      Dual Enrollment Unpacked [Podcast] | EdSurge News

      July 8, 2025

      How our district turned a sea of data into a compass for change

      July 7, 2025

      Fine-tuning to deliver business AI value

      July 7, 2025

      How Teachers Are Making Computer Science Click

      July 6, 2025
      Latest Videos

      Giving You the Skills to Mold Your Career in Digital Marketing | Digital marketing Course |

      July 8, 2025

      Unlocking Ethical Hacking: Your Cybersecurity Career Guide

      July 7, 2025

      What is Digital Marketing? Scope, Earnings & Who Can Start a Career in It Hammad’s Digital Hub

      July 5, 2025

      Just trend #gacha #memecreator #gachaclub #gcmeme #gachalife #trend #gachememe #edit #memes

      July 4, 2025

      Kenley Jansen notches his 1,000th career MLB strikeout | August 25, 2021 | Dodgers @ Padres

      July 3, 2025
      Latest Jobs

      Associate Editorial Graphics Producer

      July 8, 2025

      Software Engineer, Full Stack (Data Input)

      July 8, 2025

      Machine Operator – 1st Shift

      July 8, 2025

      Reporter

      July 8, 2025

      Business Development/Digital Media Representative

      July 7, 2025
      Legal
      • Home
      • Privacy Policy
      • Cookie Policy
      • Terms and Conditions
      • Disclaimer
      • Affiliate Disclosure
      • Amazon Affiliate Disclaimer
      Latest Udemy Coupons

      Mastering Maxon Cinema 4D 2024: Complete Tutorial Series | Udemy Coupons 2025

      August 22, 202435 Views

      Advanced Program in Human Resources Management | Udemy Coupons 2025

      April 5, 202531 Views

      Diploma in Aviation, Airlines, Air Transportation & Airports | Udemy Coupons 2025

      March 21, 202530 Views

      Python Development & Data Science: Variables and Data Types | Udemy Coupons 2025

      May 24, 202521 Views

      Time Management and Timeboxing in Business, Projects, Agile | Udemy Coupons 2025

      April 2, 202521 Views
      Blog

      3 Ways To Network Over Summer Vacation And Grow Your Career

      July 3, 2025

      Why Community Is Your Most Valuable Career Asset In 2025

      June 28, 2025

      What Employers Are Really Looking For In Job Interviews

      June 27, 2025

      The Best Way to End a Cover Letter (With 4 Winning Examples)

      June 26, 2025

      5 Job Interview Secrets To Beat The Competition

      June 25, 2025
      Facebook X (Twitter) Instagram Pinterest YouTube Dribbble
      © 2025 All rights reserved!

      Type above and press Enter to search. Press Esc to cancel.

      We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you consent to the use of ALL the cookies.
      .
      SettingsAccept
      Privacy & Cookies Policy

      Privacy Overview

      This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
      Necessary
      Always Enabled
      Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
      Non-necessary
      Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
      SAVE & ACCEPT