China’s Salt Typhoon Hackers Target Global Telecoms and Universities

Chinese hackers behind the Salt Typhoon campaign have continued to breach telecommunications companies despite government efforts to stop them, researchers said. Recorded Future’s Insikt Group identified a campaign in December and January that involved attempts to compromise over 1,000 Cisco network devices globally.

The targeted organizations included a South African telecom, a U.S.-based affiliate of a UK telecommunications company, and universities in Argentina, Bangladesh, Indonesia, Malaysia, Mexico, the Netherlands, Thailand, the US, and Vietnam. The hackers allegedly used deep access to telecom networks to obtain call information from high-profile political figures, including Donald Trump and Kamala Harris.

The Salt Typhoon campaign targeted unpatched Cisco devices vulnerable to two bugs: CVE-2023-20198 and CVE-2023-20273. Researchers observed the hackers scanning for exploitable devices on multiple occasions throughout December and January, including on December 4, 10, 17, and 24.

The affected Cisco devices were geographically widespread, with more than half located in the US, South America, and India. The FBI and Department of Homeland Security did not respond to requests for comment about the activity. In January, the Treasury Department announced sanctions against a Chinese contractor allegedly involved in the Salt Typhoon campaign.

Source: https://therecord.media/china-salt-typhoon-cisco-devices