
The Canadian Centre for Cyber Security and the US Federal Bureau of Investigation (FBI) have issued an advisory warning of cyberattacks mounted by the China-linked Salt Typhoon actors to breach major global telecommunications providers as part of a cyberespionage campaign.
The attackers exploited a critical Cisco IOS XE software flaw (CVE-2023-20198, CVSS score: 10.0) to access configuration files from three network devices registered to a Canadian telecommunications company in mid-February 2025.
The threat actors are also said to have modified at least one file to configure a Generic Routing Encapsulation (GRE) tunnel, allowing for traffic collection from the network. The name of the targeted company has not been revealed.

Stating that the targeting likely extends beyond the telecommunications sector, the agency said the targeting of Canadian devices allows threat actors to collect information from the compromised networks and use them as leverage to compromise additional devices.
“In some cases, we assess it highly likely that the threat actor’s activities will be limited to network reconnaissance,” the alert said.
The agency further noted that edge network devices remain an attractive target for Chinese state-sponsored threat actors seeking to breach and maintain persistent access to telecom service providers.
The findings dovetail with an earlier report from Recorded Future that detailed the exploitation of CVE-2023-20198 and CVE-2023-20273 to infiltrate telecom and internet companies in the US, South Africa and Italy, leveraging the footholds to set up GRE tunnels for long-term access and data exfiltration.
UK NCSC Warns of SHOE RACK and UMBRELLA STAND Malware Targeting Fortinet Devices
The development comes as the UK National Cyber Security Centre (NCSC) revealed two different malware families, called SHOE RACK and UMBRELLA STAND, targeting FortiGate 100D series firewalls made by Fortinet.
SHOE RACK is a post-exploitation tool for remote shell access and TCP tunneling through a compromised device, while UMBRELLA STAND is designed to execute shell commands issued from an attacker-controlled server.

Interestingly, SHOE RACK is based in part on a public tool named Reverse_Shell, which, coincidentally, has also been repurposed by a China-nexus threat cluster called PurpleHaze to devise a Windows implant codenamed GoReShell. It is not clear at present whether these activities are related.
The NCSC said it has identified several similarities between UMBRELLA STAND and COATHANGER, a backdoor that was previously used by Chinese state-backed hackers in cyberattacks targeting Dutch military networks.