CVE-2023-20198 & CVE-2023-20273: RedMike Attacks 1,000+ Cisco Devices in Global Espionage Campaign

Summary: Cybersecurity researchers from Insikt Group have reported on an ongoing cyber espionage campaign by the Chinese state-sponsored group RedMike, which exploits vulnerabilities in Cisco IOS XE devices to gain persistent access to telecommunications infrastructure globally. Their attacks extend beyond telecom companies to include universities and organizations engaged in telecommunications research, raising concerns about strategic intelligence threats. RedMike's methodology includes exploiting privilege escalation vulnerabilities for initial access and leveraging GRE tunnels for undetected data exfiltration.

Affected: Telecommunications providers and educational institutions worldwide

Key points:

  • RedMike exploits CVE-2023-20198 and CVE-2023-20273 vulnerabilities in Cisco IOS XE devices for privilege escalation.
  • The campaign targets high-value organizations, including telecoms and universities across multiple countries.
  • Attackers maintain covert communication using GRE tunnels, facilitating undetected data exfiltration.
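The GRE tunnels mentioned above leave a footprint in the device's running configuration, which a defender can audit. The following script is an added example, not code from the original report or from Insikt Group: it parses `interface TunnelN` blocks out of a constructed IOS XE config excerpt and flags any GRE tunnel whose destination is not on an operator-maintained allowlist (the `KNOWN_TUNNEL_DESTINATIONS` set and the sample addresses are assumptions for this example). It treats a tunnel with no explicit `tunnel mode` line as GRE, because that is the IOS XE default and the default is not shown in the running-config.

```python
import re

# Constructed sample of a Cisco IOS XE running-config excerpt (not from any real device).
# Tunnel0 is a sanctioned link; Tunnel77 has no description and an unknown destination.
SAMPLE_CONFIG = """\
hostname edge-rtr-01
!
interface Tunnel0
 description Sanctioned site-to-site link to DC
 ip address 10.255.0.1 255.255.255.252
 tunnel source GigabitEthernet0/0/0
 tunnel destination 203.0.113.10
 tunnel mode gre ip
!
interface Tunnel77
 ip address 192.0.2.1 255.255.255.252
 tunnel source GigabitEthernet0/0/1
 tunnel destination 198.51.100.200
!
interface GigabitEthernet0/0/0
 ip address 203.0.113.2 255.255.255.0
!
"""

# Tunnel endpoints the operator has provisioned and documented.
# Assumption for this example; in practice this comes from the network inventory.
KNOWN_TUNNEL_DESTINATIONS = {"203.0.113.10"}


def parse_tunnel_interfaces(config: str) -> list[dict]:
    """Return one dict per `interface TunnelN` block with mode, destination and description."""
    tunnels = []
    current = None
    for raw in config.splitlines():
        line = raw.rstrip()
        m = re.match(r"^interface (Tunnel\d+)$", line)
        if m:
            current = {"name": m.group(1), "mode": None,
                       "destination": None, "description": None}
            tunnels.append(current)
            continue
        # Any other top-level interface or a '!' separator ends the current block.
        if line.startswith("interface ") or line == "!":
            current = None
            continue
        if current is None:
            continue
        stripped = line.strip()
        if stripped.startswith("tunnel mode "):
            current["mode"] = stripped[len("tunnel mode "):]
        elif stripped.startswith("tunnel destination "):
            current["destination"] = stripped.split()[-1]
        elif stripped.startswith("description "):
            current["description"] = stripped[len("description "):]
    return tunnels


def is_gre(tunnel: dict) -> bool:
    """IOS XE defaults to 'gre ip' when no tunnel mode is configured, so None counts as GRE."""
    return tunnel["mode"] is None or tunnel["mode"].startswith("gre")


def find_suspicious_gre_tunnels(config: str, known_destinations: set[str]) -> list[dict]:
    """Flag GRE tunnels whose destination is not in the operator's allowlist."""
    return [t for t in parse_tunnel_interfaces(config)
            if is_gre(t) and t["destination"] not in known_destinations]


if __name__ == "__main__":
    for finding in find_suspicious_gre_tunnels(SAMPLE_CONFIG, KNOWN_TUNNEL_DESTINATIONS):
        print(f"[!] {finding['name']}: GRE tunnel to unrecognised destination "
              f"{finding['destination']} (description: {finding['description']})")
```

Run against `show running-config` output collected from each device; a tunnel to an address nobody provisioned, especially one without a description, is worth treating as an incident lead rather than a configuration oddity.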

Source: https://securityonline.info/cve-2023-20198-cve-2023-20273-redmike-attacks-1000-cisco-devices-in-global-espionage-campaign/