Baicells: A Retrospective
The article discusses an investigation by the U.S. Commerce Department and the FBI into Baicells Technologies, a Chinese tech firm, due to national security concerns over potential vulnerabilities in its telecom equipment. The piece highlights the company's operations in the U.S. and critical security flaws found in specific hardware models. It also reflects on the methodology used to analyze public data related to Baicells devices.

Affected: Baicells Technologies, U.S. telecommunications infrastructure, local municipalities, healthcare facilities, utility systems

Key points:

  • Investigation by the U.S. Commerce Department and the FBI into Baicells Technologies due to national security concerns.
  • Baicells has been providing telecom equipment in the U.S. since 2015, affecting various sectors.
  • Critical vulnerabilities identified in devices running particular firmware versions.
  • Censys contributed high-level data on public internet exposure of Baicells devices.
  • Two critical vulnerabilities, CVE-2023-24508 and CVE-2023-0776, were assessed for affected hardware models.
  • Baicells devices interact with U.S. government and military networks, heightening security concerns.
  • Analysis of vulnerabilities detailed the potential for arbitrary code execution through poorly secured administrative interfaces.
  • Evidence of VPN settings present in the firmware configurations could potentially allow unauthorized access to Baicells devices.
  • Overall caution is advised regarding foreign influence on critical communication infrastructures.

MITRE Techniques:

  • Exploitation of Remote Services (T1210): Potential exploitation of insecure web administrative interfaces on Baicells devices.
  • Remote File Copy (T1105): Malicious actors could leverage vulnerabilities to upload or execute commands via remote administration scripts.
  • Command and Control (C2) (T1071): Possible misuse of established VPN configurations to create unauthorized communication channels to Baicells infrastructure.

Indicators of Compromise:

  • IPv4: 114.114.114.114
  • Domain: baiomc.chinacloudapp.cn
  • IP Address: 42.159.86.204
  • URL: http://$HOST/utility/run_commands.sh
  • Hash: (no valid hashes identified in the text)
Full Story: https://censys.com/baicells-retrospective/