Chinese Hackers Target US Telecoms via Unpatched Cisco Routers

Chinese hackers, known as Salt Typhoon, have breached multiple US telecommunications providers through unpatched Cisco IOS XE network devices. The group exploited two vulnerabilities, CVE-2023-20198 and CVE-2023-20273, to gain persistent access to networks.

According to Recorded Future’s Insikt Group threat research division, the attacks resulted in network breaches at several US internet service providers and a US-based affiliate of a UK telecommunications provider, as well as in other countries. The group has also compromised devices in South Africa, Italy, and Thailand.

The FBI and CISA confirmed in October that Salt Typhoon had breached multiple US telecom carriers and companies in dozens of other countries. The attackers accessed the private communications of a limited number of US government officials and exploited US law enforcement’s wiretapping platform.

Insikt Group advises network administrators to apply available security patches as soon as possible and avoid exposing administration interfaces or non-essential services directly to the internet. Cisco has also issued guidance for customers to patch known vulnerabilities and follow industry best practices for securing management protocols.

Source: https://www.bleepingcomputer.com/news/security/chinese-hackers-breach-more-us-telecoms-via-unpatched-cisco-routers