A Chinese hacking group known as Salt Typhoon has continued its aggressive campaign of breaching major US and global telecom networks, despite being exposed by the US government last fall. According to a report by cybersecurity firm Recorded Future, Salt Typhoon has targeted at least five telecoms and internet service providers worldwide, as well as over a dozen universities in Asia and beyond.
The hackers exploited vulnerabilities in Cisco’s IOS software, which is used on routers and switches, to gain access to victims’ networks. They also configured hacked devices to connect to their own command-and-control servers via generic routing encapsulation (GRE) tunnels, allowing them to maintain access and steal data.
Recorded Future found over 12,000 Cisco devices with exposed web interfaces online, but the group primarily targeted a smaller subset of telecoms and university networks. The hackers’ activities have been exposed in various media outlets, government reports, and sanctions issued by the US Treasury, yet they continue to operate undeterred.
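The two conditions described above, an enabled web interface and a GRE tunnel to an unexpected peer, can both be checked in a device's saved configuration. The following is an added example, not code from Recorded Future or the article; the sample configuration is constructed, and the `audit_config` helper and the `APPROVED_PEERS` allowlist are hypothetical names that assume the operator knows its legitimate tunnel peers.

```python
import ipaddress
import re

# Constructed sample running-config using documentation address ranges.
SAMPLE_CONFIG = """\
ip http server
no ip http secure-server
interface Tunnel0
 tunnel source GigabitEthernet0/0
 tunnel destination 198.51.100.7
!
interface Tunnel9
 tunnel source GigabitEthernet0/0
 tunnel destination 203.0.113.66
!
interface Tunnel20
 tunnel destination 203.0.113.80
 tunnel mode ipsec ipv4
"""

# Assumption: the operator keeps an allowlist of approved GRE peer networks.
APPROVED_PEERS = [ipaddress.ip_network("198.51.100.0/24")]

def audit_config(text, approved=APPROVED_PEERS):
    """Return (finding, detail) tuples for an IOS-style running-config."""
    findings = []
    # Web UI is on when the command appears without a leading 'no'.
    for m in re.finditer(r"^ip http (?:secure-)?server$", text, re.M):
        findings.append(("web-ui-enabled", m.group(0)))
    # A stanza is the interface line plus the indented lines that follow it.
    for m in re.finditer(r"^interface (Tunnel\d+)\n((?: .*\n)*)", text, re.M):
        name, body = m.groups()
        mode = re.search(r"^ tunnel mode (\S+)", body, re.M)
        dest = re.search(r"^ tunnel destination (\S+)", body, re.M)
        # GRE over IP is the IOS default, so a missing 'tunnel mode' means GRE.
        if dest is None or (mode and mode.group(1) != "gre"):
            continue
        try:
            peer = ipaddress.ip_address(dest.group(1))
        except ValueError:  # destination given as a hostname
            findings.append(("gre-peer-unresolved", f"{name} -> {dest.group(1)}"))
            continue
        if not any(peer in net for net in approved):
            findings.append(("gre-peer-unapproved", f"{name} -> {peer}"))
    return findings

if __name__ == "__main__":
    for kind, detail in audit_config(SAMPLE_CONFIG):
        print(f"{kind}: {detail}")
```

Run against the constructed sample, it flags the enabled HTTP server and the `Tunnel9` peer outside the allowlist, and skips `Tunnel20` because it is not in GRE mode.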
The US government has described Salt Typhoon’s hacking campaign as China’s “most significant cyber-espionage campaign in history.” Recorded Future analysts say that despite increased attention, the group has not shown any signs of slowing down or changing its tactics. The hackers’ actions have prompted warnings from security experts and officials to use end-to-end encrypted communication apps to protect against real-time spying.
In this latest incident, Salt Typhoon targeted telecoms in South Africa and Thailand, as well as internet service providers in Italy; the specific victims were not named. The group’s activities have also been detected in universities around the world, including in Argentina, Bangladesh, Indonesia, Malaysia, Mexico, the Netherlands, Thailand, Vietnam, and the US.
The hackers’ continued operation highlights the vulnerability of global telecom networks to sophisticated cyber threats. As one Recorded Future analyst notes, “They’ve only gotten more bold. I strongly suspect it’s much larger than what we’ve seen.”
Source: https://www.wired.com/story/chinas-salt-typhoon-spies-are-still-hacking-telecoms-now-by-exploiting-cisco-routers