Salt Typhoon Cyber Attacks: Chinese State-Sponsored Group Targets Telecom Networks via Cisco Routers

Listen to this Post

2025-02-13

Salt Typhoon, the Chinese state-backed hacking group, has been actively targeting and infiltrating global telecom networks, utilizing Cisco routers to gain unauthorized access to sensitive infrastructures. As part of an ongoing wave of cyberattacks, Salt Typhoon has successfully compromised networks worldwide, including those in the U.S., Europe, and beyond. This article explores the group’s latest activities, the vulnerabilities they exploited, and the broader implications of their operations on global cybersecurity.

Summary

Salt Typhoon, a Chinese threat actor, has been implicated in a series of cyberattacks that continue to impact telecom networks globally. Recorded Future’s Insikt Group reported that between early December and January, seven Cisco network devices were compromised across five telecom networks, including those in the U.S., Thailand, Italy, and South Africa. The group used two major vulnerabilities in Cisco’s IOS XE operating system—CVE-2023-20198 and CVE-2023-20273—to exploit telecom providers, specifically targeting internet-exposed routers. These vulnerabilities were among the most exploited in 2023 and allowed Salt Typhoon to escalate privileges, gaining full access to critical systems.

The attacks involved chaining multiple vulnerabilities, allowing the group to create new user accounts, escalate privileges, and execute their attacks undetected. U.S. officials have highlighted the ongoing challenges in fully eradicating the group’s presence from targeted networks. Despite extensive cybersecurity measures, Salt Typhoon continues to exploit vulnerabilities in telecom infrastructure, undermining global efforts to secure critical networks. The group’s activities raise significant concerns about the vulnerability of global telecommunications systems to state-sponsored cyber warfare.

What Undercode Says:

Salt Typhoon’s operations represent a significant escalation in the tactics and ambitions of state-sponsored cyberattacks, specifically from Chinese cyber operatives. These attacks target infrastructure that is essential for global communication, making them not only a security concern but also a matter of national and international security. The group’s use of publicly known vulnerabilities in Cisco routers, combined with their ability to exploit them across various international targets, reveals the deepening sophistication and strategic focus of the Chinese state’s cyber capabilities.

The exploitation of vulnerabilities like CVE-2023-20198 and CVE-2023-20273 is especially troubling, as these flaws were known and had corresponding patches issued by Cisco. However, their continued exploitation indicates a significant gap in the global patching and security enforcement process. Telecom providers, particularly those operating globally, often run diverse and complex infrastructures that make them attractive targets. For instance, the fact that Salt Typhoon targeted U.S. telecoms and affiliates of major global providers like AT&T and Verizon speaks to the group’s strategic interest in critical communication networks.

The

Moreover, Salt Typhoon’s focus on telecom companies and universities hints at its potential objectives—stealing sensitive data, including metadata, communications, and potentially intellectual property. For instance, targeting universities involved in telecom and engineering research suggests an interest in gaining access to cutting-edge technologies and government-related communications. This targeted approach is a hallmark of nation-state actors, who are often interested not just in disrupting operations but in strategic espionage.

The fact that these attacks are ongoing and that Salt Typhoon’s presence on networks has not been entirely eradicated speaks volumes about the resilience of state-sponsored cyber groups and their ability to stay active despite concerted efforts to block them. The continued warnings from U.S. authorities about these groups reflect an escalating arms race in cybersecurity. As nation-states like China develop more sophisticated cyber capabilities, the global community must prepare for an evolving threat landscape, one where traditional defenses may no longer be sufficient.

In response to these growing threats, organizations worldwide are advised to harden their networks by implementing robust security practices, including regular patching and adherence to vendor-specific security guidelines. For example, Cisco has released advisories and patch updates to address these vulnerabilities, and following these recommendations could significantly reduce the risk of such attacks. However, as Salt Typhoon’s activities show, even with best practices in place, defending against nation-state actors remains a daunting challenge, especially when considering the potential for highly targeted, long-term infiltration efforts.

Looking ahead, it’s clear that cybersecurity strategies must evolve. Traditional perimeter-based defenses are no longer enough when adversaries are exploiting known vulnerabilities and deploying advanced techniques to bypass detection. As part of a broader cybersecurity strategy, nations and organizations must foster international collaboration to share threat intelligence, improve incident response capabilities, and develop advanced defenses that are capable of countering highly sophisticated, state-backed cyber threats like Salt Typhoon.

In conclusion, Salt Typhoon’s cyberattacks serve as a stark reminder of the growing risks posed by state-sponsored cyber threats. The ability of such groups to infiltrate critical infrastructure and steal sensitive information not only jeopardizes the security of individual companies but also poses a significant national security risk. As these types of attacks grow more frequent and more complex, it will be crucial for the global cybersecurity community to stay vigilant, proactive, and collaborative in the face of an ever-evolving threat landscape.

References:

Reported By: https://cyberscoop.com/salt-typhoon-china-ongoing-telecom-attack-spree/
https://www.reddit.com
Wikipedia: https://www.wikipedia.org
Undercode AI: https://ai.undercodetesting.com

Image Source:

OpenAI: https://craiyon.com
Undercode AI DI v2: https://ai.undercode.helpFeatured Image