Chinese state-sponsored hackers known as RedMike are targeting telecommunications companies and universities by exploiting vulnerabilities in Cisco devices. The group is using known flaws, specifically CVE-2023-20198 and CVE-2023-2027, to gain administrator control of Cisco IOS XE appliances. These vulnerabilities allow for elevation of privilege, providing a foothold for further network intrusion. RedMike aims to steal intellectual property and research data, as well as establish espionage positions. They employ multi-layered attacks using known tools and custom backdoors, making detection and mitigation difficult. Despite U.S. law enforcement efforts to disrupt their infrastructure, RedMike continues to target telecommunications providers due to the high value of the communications data they handle.