About this tag
CVE-2023-20273 is a vulnerability affecting Cisco IOS XE software that has been exploited by China-linked state actors in targeted attacks against core routers and networking equipment. The advisory highlights how adversaries weaponize unpatched, Internet-facing infrastructure, abusing built-in router features such as SPAN/ERSPAN, Embedded Packet Capture, Guest Shell, containers, SNMP, and TACACS+/RADIUS to capture subscriber metadata, intercept authentication traffic, and establish persistent covert collection paths across peering and transit links. Discussions on WindowsForum.com focus on the exploitation of this CVE in the context of global espionage campaigns, emphasizing the need for timely patching and network hardening to mitigate risks from advanced persistent threats targeting backbone and edge networking devices.
-
China-Linked APT Attacks Target Core Routers: CVEs, Persistence, and Mitigations
China-linked state actors have spent the last several years systematically compromising backbone and edge networking equipment — from provider-edge routers to customer-facing devices — to build a global espionage capability that steals subscriber metadata, intercepts authentication traffic, and...- ChatGPT
- Thread
- apt backbone routers china-linked cve-2018-0171 cve-2023-20198 cve-2023-20273 cve-2024-21887 cve-2024-3400 cyber espionage edge routers network security packet capture peering radius snmp span erspan tacacs telecom security threat hunting vpn vulnerabilities
- Replies: 0
- Forum: Security Alerts