U.S. Telecom, Zero-Day Attacks Show Need for Cybersecurity Hygiene

A single hacked admin account highlights the need for strong cybersecurity hygiene to limit damage from breaches.

January 10, 2025 · 4 min read
As China-backed threat groups have been linked to recent attacks on telecom networks, the U.S. Treasury and other high-value targets, one issue has become increasingly clear: Good cyber hygiene could have limited damage from many of the attacks. 

Organizations have little in the way of defenses against advanced persistent threats (APTs) exploiting unknown zero-day vulnerabilities – at least until there’s an available patch – but they can make it harder for those threat actors to move laterally once inside their network. 

No incident drives that point home more than one cited by Anne Neuberger, U.S. deputy national security advisor for cyber and emerging technology, in a December 27 press briefing. 

Admin Account Had Access to 100,000 Routers 

Many of the media questions focused on China’s infiltration of U.S. telecom networks. Neuberger noted that a ninth telecom service provider has now been identified as a victim. When asked for details, she noted one startling fact about one of the breaches: 

“[I]n one telecoms case, there was one administrator account that had access to over 100,000 routers,” Neuberger said. “So, when the Chinese compromised that account, they gained that kind of broad access across the network. That’s not meaningful cybersecurity to defend against a nation-state actor.” 

Lack of access controls gave the threat actors “broad and full access” to networks. “[W]e believe that’s why they had the capability to geolocate millions of individuals, to record phone calls at will, because they had that broad access.” 
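The briefing's point is measurable: for each management account, count how many devices it can actually log into, and treat that number as the blast radius of a single credential compromise. The script below is an added example, not code from the briefing, the FCC or any telecom; its inventory, its TACACS+-style policy of account-to-device-group authorizations, and its 34% threshold are all constructed for illustration.

```python
"""Measure the blast radius of network admin accounts.

Added example, not from the briefing or any vendor: given a device
inventory and an AAA-style authorization policy (account -> device groups
it may log into), compute how many devices each account can reach, flag
accounts that can touch more than a chosen share of the fleet, and show
how splitting a wide account into per-region accounts bounds what one
stolen credential can do. Inventory, policy and threshold are constructed.
"""

# Constructed inventory: device name -> region (300 routers, no real data).
DEVICES = {
    f"rtr-{region}-{n:03d}": region
    for region in ("east", "central", "west")
    for n in range(1, 101)
}

# Constructed authorization policy: account -> device groups it may use.
# "*" marks an unscoped account, like the one described in the briefing.
POLICY = {
    "netops-global": {"*"},
    "netops-east": {"east"},
    "noc-all": {"east", "central", "west"},
}


def reachable(groups, devices=DEVICES):
    """Devices an account can log into under its group scope."""
    if "*" in groups:
        return set(devices)
    return {name for name, region in devices.items() if region in groups}


def blast_radius(policy=POLICY, devices=DEVICES):
    """{account: number of devices it can reach}."""
    return {account: len(reachable(groups, devices))
            for account, groups in policy.items()}


def over_threshold(policy=POLICY, devices=DEVICES, max_share=0.34):
    """Accounts whose reach exceeds max_share of the fleet, sorted by name.
    The 34% value is an arbitrary example threshold; pick one per network."""
    total = len(devices)
    return sorted(account for account, reach in blast_radius(policy, devices).items()
                  if reach / total > max_share)


def split_wide_accounts(policy=POLICY, devices=DEVICES, max_share=0.34):
    """Return a policy in which every over-threshold account is replaced by
    one account per region it used to cover. Accounts already under the
    threshold are kept as they are."""
    fixed = {}
    for account, groups in policy.items():
        reach = reachable(groups, devices)
        if len(reach) / len(devices) <= max_share:
            fixed[account] = set(groups)
            continue
        for region in sorted({devices[d] for d in reach}):
            fixed[f"{account}-{region}"] = {region}
    return fixed


if __name__ == "__main__":
    print("before:", blast_radius(), "over threshold:", over_threshold())
    fixed = split_wide_accounts()
    print("after: ", blast_radius(fixed), "over threshold:", over_threshold(fixed))
```

In practice the policy would be exported from the AAA server rather than typed in, and splitting the account only helps if each scoped account also gets its own credential and the management plane itself is segmented so that an east-region account cannot reach west-region device management interfaces at all.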

Neuberger expressed support for an FCC effort to mandate stronger telecom network security, and said she hopes it includes network segmentation. “Even if an attacker like the Chinese government gets access to a network, they’re controlled and they’re contained,” she said. 

An FCC vote on the new telecom security rules could come on January 15. 

Other important cybersecurity practices cited by Neuberger – and included in hardening guidance from the NSA and CISA – include: 

  • Improved configuration management 
  • Securing the management plane 
  • Better vulnerability management of networks 
  • Improved information sharing on incidents and techniques 

“The Chinese, you know, were very careful about their techniques,” Neuberger said. “They erased logs. In many cases, companies were not keeping adequate logs. So, there are details likely … that we will never know regarding the scope and scale of this.” 
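Log erasure on a device is only invisible if nothing else keeps a record. Two cheap collector-side checks catch it: a jump in a router's per-message sequence counter (Cisco IOS stamps one on each syslog message when `service sequence-numbers` is configured) shows that messages existed and never arrived, and TACACS+ command accounting shows who ran the commands that destroy or redirect logs. The detector below is an added example, not from the briefing or any vendor; its syslog and accounting line formats are simplified assumptions and every sample line is constructed.

```python
"""Spot erased or missing router logs on a central collector.

Added example, not from the briefing or any vendor. Two checks a SOC can run
over forwarded logs: (1) a gap in a device's syslog sequence counter means
messages were generated but never reached the collector; (2) AAA command
accounting records reveal log-destroying commands such as `clear logging`.
Line formats are simplified assumptions; all sample lines are constructed.
"""
import re

# Constructed syslog as received by a collector: "<host> <seq>: <timestamp>: <message>".
# rtr-east-001 jumps from 000103 to 000171: 67 messages never arrived.
SYSLOG = """\
rtr-east-001 000101: Jan 10 02:00:01.000: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: admin] [Source: 203.0.113.7]
rtr-east-001 000102: Jan 10 02:00:09.000: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (203.0.113.7)
rtr-east-001 000103: Jan 10 02:00:10.000: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (203.0.113.7)
rtr-east-001 000171: Jan 10 04:12:40.000: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (203.0.113.7)
rtr-west-002 000040: Jan 10 02:00:00.000: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to up
rtr-west-002 000041: Jan 10 02:05:00.000: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to down
"""

# Constructed TACACS+ command-accounting lines: "<timestamp> <host> <user> cmd=<command>".
ACCOUNTING = """\
Jan 10 02:00:05 rtr-east-001 admin cmd=show running-config
Jan 10 02:00:10 rtr-east-001 admin cmd=no logging host 10.0.0.5
Jan 10 02:00:12 rtr-east-001 admin cmd=clear logging
Jan 10 02:00:15 rtr-west-002 netops-west cmd=show ip bgp summary
"""

SYSLOG_RE = re.compile(
    r"^(?P<host>\S+) (?P<seq>\d+): "
    r"(?P<ts>[A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d\.\d+): (?P<msg>.*)$")
ACCT_RE = re.compile(
    r"^(?P<ts>\S+ +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) (?P<user>\S+) cmd=(?P<cmd>.*)$")

# Commands that destroy or redirect evidence (IOS-style spellings used in
# the constructed sample; extend per platform).
LOG_TAMPER_CMDS = (
    re.compile(r"^clear logging\b"),
    re.compile(r"^no logging (host|buffered|trap|on)\b"),
    re.compile(r"^no aaa accounting\b"),
    re.compile(r"^no (service )?timestamps\b"),
)


def sequence_gaps(syslog_text):
    """Per host, one (host, first_missing, last_missing, prev_ts, next_ts)
    tuple for every jump in the sequence counter. A counter that goes
    backwards (reboot or counter reset) is not reported here and deserves
    its own alert."""
    last = {}
    gaps = []
    for line in syslog_text.splitlines():
        m = SYSLOG_RE.match(line)
        if not m:
            continue
        host, seq = m["host"], int(m["seq"])
        if host in last:
            prev_seq, prev_ts = last[host]
            if seq > prev_seq + 1:
                gaps.append((host, prev_seq + 1, seq - 1, prev_ts, m["ts"]))
        last[host] = (seq, m["ts"])
    return gaps


def tamper_commands(accounting_text):
    """(host, user, ts, cmd) for every accounting record matching a tamper pattern."""
    hits = []
    for line in accounting_text.splitlines():
        m = ACCT_RE.match(line)
        if not m:
            continue
        if any(p.match(m["cmd"]) for p in LOG_TAMPER_CMDS):
            hits.append((m["host"], m["user"], m["ts"], m["cmd"]))
    return hits


if __name__ == "__main__":
    for gap in sequence_gaps(SYSLOG):
        print("missing messages:", gap)
    for hit in tamper_commands(ACCOUNTING):
        print("log tampering command:", hit)
```

Both checks depend on the logs leaving the device before an attacker can touch them: forward syslog and accounting to a collector the device accounts cannot administer, and alert on the collector when a device that normally talks goes quiet, since an attacker who disables logging first produces no tamper record at all.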

Treasury Hack, Ivanti Zero-Day Exploits Attributed to China 

Other recent attacks attributed to China include the U.S. Treasury Department breach and the exploitation of Ivanti zero-day vulnerabilities. 

The Ivanti Connect Secure, Policy Secure and ZTA Gateways vulnerabilities – CVE-2025-0282 and CVE-2025-0283 – were added to CISA’s Known Exploited Vulnerabilities catalog on January 8, and CISA also published mitigation guidance for the vulnerabilities the same day. 

In response to the growing cyber threat from China, the Biden Administration is reportedly rushing out an executive order to harden federal networks against attacks. 

Cyber Hygiene Recommendations from Cyble 

Cyber hygiene also figures prominently in Cyble’s annual threat landscape report and an accompanying podcast, which will be released next week and will be available as a free Cyble research report. 

In the podcast, Kaustubh Medhe, Cyble’s Vice President of Research and Cyber Threat Intelligence, noted that perimeter security products such as VPNs, firewalls, WAFs, and load balancers from Fortinet, Cisco, Ivanti, Palo Alto, Citrix, Barracuda and others are “being exploited for ransomware and data theft.” 

“What’s concerning is that the patching window for enterprises continues to shrink as ransomware gangs and APT groups are quick to weaponize and exploit zero-day vulnerabilities on a mass scale months before these vulnerabilities become public,” Medhe said. 

He listed a number of cybersecurity lapses that commonly lead to breaches and cyberattacks: 

  • Local copies of sensitive data stored on end user systems and laptops 
  • Insecure file servers, network shares or cloud storage, with weak or non-existent access policies, exposed on the internet 
  • Lack of secure hardening configurations on endpoints, servers and IT infrastructure 
  • Lack of network segmentation, allowing lateral movement 
  • Inadequate protection of API keys, access tokens and passwords in public code repositories 
  • Weak or ineffective endpoint protection and anti-malware solutions, and failure to detect and prevent infostealer infections that lead to credential compromise and theft 
  • Weak endpoint and network-level monitoring controls to detect and prevent high-volume data exfiltration 
  • Security misconfigurations on internet-facing applications and servers and cloud infrastructure 
  • Weak API security settings, inadequate authentication, lack of proper input validation, absence of rate limiting, lack of API monitoring, and weak detection controls 
  • Poor security hygiene at third parties with access to sensitive data 

Conclusion 

Recent cyberattacks linked to Chinese APT groups strongly suggest that while not every cyberattack can be prevented – particularly those involving exploitation of unknown zero days – basic security practices like proper access control and permissions, network segmentation, and proper application, device and cloud configuration could go a long way toward limiting damage from attacks that do occur. 

The good news is that proper cyber hygiene often doesn’t cost anything more than the time to get it right. 
