

Ethical Hacking News

Exposing the Shadow: The Sophisticated Malware Used by Chinese Hackers to Spy on US Telecom Networks



Chinese hackers have been using custom malware, JumbledPath, developed by the Salt Typhoon group, to spy on US telecom networks. This sophisticated operation has significant implications for national security and highlights the need for robust cybersecurity measures to safeguard networks. The Salt Typhoon group's tactics involve exploiting vulnerabilities, often through stolen credentials or zero-day exploits, making it essential for admins to apply patches to edge networking devices as soon as they become available.

  • The Salt Typhoon group has been using custom malware called JumbledPath to infiltrate the inner sanctum of US telecommunications companies.
  • The group has been targeting major US telecoms, including Verizon, AT&T, Lumen Technologies, and T-Mobile.
  • JumbledPath allows the hackers to monitor network traffic, capture sensitive data, and disable logging, making forensic investigations more difficult.
  • The malware is built for x86_64 Linux-based systems and can be used to initiate packet capture on targeted Cisco devices.
  • The group has been targeting over 1,000 Cisco network devices between December 2024 and January 2025.
  • Cybersecurity experts are urging admins to apply patches to edge networking devices as soon as they become available to prevent similar breaches.



    Chinese hackers have been moving through US telecommunications networks while carefully covering their tracks to evade detection. A recent revelation has shed light on this clandestine operation, exposing the use of custom malware, dubbed JumbledPath, by the Salt Typhoon hacking group. This sophisticated cyberattack, spearheaded by the Chinese state-sponsored Salt Typhoon group, has been unfolding over the past year, with the latest confirmed breaches taking place in December 2024 and January 2025.

    The Salt Typhoon group, a sophisticated threat actor active since at least 2019, has primarily focused on breaching government entities and telecommunications companies. Their modus operandi involves exploiting vulnerabilities, often through stolen credentials or zero-day exploits. However, this particular operation stands out for its use of custom malware, JumbledPath, which allows the hackers to monitor network traffic and potentially capture sensitive data.

    The JumbledPath malware is a Go-based ELF binary built for x86_64 Linux-based systems, making it compatible with various edge networking devices from different manufacturers. This versatility enables the Salt Typhoon group to initiate packet capture on targeted Cisco devices via a jump-host, an intermediary system that makes the capture requests appear as if they originate from a trusted device within the network while also obscuring the attacker's true location.

    Moreover, JumbledPath allows the hackers to disable logging and clear existing logs, thereby erasing any traces of their activity and making forensic investigations more difficult. This sophistication is evident in the malware's design, which not only enables the capture of sensitive data but also provides a layer of obfuscation, making it challenging for security experts to track down the attackers.

    The Salt Typhoon group has been targeting major telecommunications companies in the US, including Verizon, AT&T, Lumen Technologies, and T-Mobile. These breaches have significant implications, as they not only compromise sensitive information but also pose a risk to national security. The hackers' ability to tap into private communications of some US government officials and steal information related to court-authorized wiretapping requests is particularly concerning.

    Recent reports from Recorded Future's Insikt Group indicate that the Salt Typhoon group targeted over 1,000 Cisco network devices between December 2024 and January 2025. The impact of this breach extends beyond the individual companies, as it highlights the vulnerabilities in the global telecommunications infrastructure.

    Cisco Talos has revealed more details about the Salt Typhoon group's activity, stating that they infiltrated core networking infrastructure primarily through stolen credentials. However, apart from a single case involving exploitation of the CVE-2018-0171 flaw, Cisco Talos has seen no other flaws or zero-days being exploited in this campaign.

    The attackers' tactics are marked by advanced techniques for persistent access and evasion. They frequently pivot between different networking devices to hide their traces and use compromised edge devices to gain access into partner telecom networks. The threat actors have also been observed modifying network configurations, enabling Guest Shell access to execute commands, altering access control lists (ACLs), and creating hidden accounts.

    Bypassing access control lists is another notable feature of the Salt Typhoon group's tactics. By exploiting vulnerabilities in, or altering the ACLs on, Cisco devices, they can reach sensitive information the lists were meant to protect, sidestepping a control that many operators rely on.
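    A defender-side check for the configuration changes described above (the Guest Shell prerequisite, new local accounts, logging turned off, edited ACLs), written for this article as an added example and not code from Cisco Talos, Insikt Group or any telecom; the two configs, the netops and svc_backup accounts, the addresses and the audit() function are all constructed for illustration:

```python
"""Diff an IOS-XE running-config against an out-of-band golden baseline and
flag drift matching the tactics in the article (hypothetical checker)."""
import difflib
import re

# Constructed sample configs; no real device, address or secret.
BASELINE = """\
hostname edge-rtr1
username netops privilege 15 secret 9 $9$PLACEHOLDER
logging buffered 64000
logging host 10.0.0.5
ip access-list extended MGMT-IN
 permit tcp 10.0.0.0 0.0.0.255 any eq 22
 deny ip any any
"""
CURRENT = """\
hostname edge-rtr1
iox
username netops privilege 15 secret 9 $9$PLACEHOLDER
username svc_backup privilege 15 secret 9 $9$PLACEHOLDER2
no logging buffered
ip access-list extended MGMT-IN
 permit tcp 10.0.0.0 0.0.0.255 any eq 22
 permit tcp host 203.0.113.7 any eq 22
 deny ip any any
"""
# (label, diff sign the rule applies to, pattern over the config line). "iox" is
# the IOS-XE prerequisite for Guest Shell; the rest map to the article's TTPs.
INDICATORS = [
    ("guest-shell prerequisite (iox) enabled", "+", re.compile(r"^iox$")),
    ("new or changed local account", "+", re.compile(r"^username \S+")),
    ("logging disabled", "+", re.compile(r"^no logging ")),
    ("logging config line removed", "-", re.compile(r"^logging ")),
    ("ACL entry added", "+", re.compile(r"^ (permit|deny) ")),
    ("ACL entry removed", "-", re.compile(r"^ (permit|deny) ")),
]

def audit(baseline: str, current: str) -> list[tuple[str, str]]:
    """Return (finding, config line) pairs; triage leads, not proof, since a
    routine password rotation also shows up as a changed username line."""
    findings = []
    hunks = difflib.unified_diff(baseline.splitlines(), current.splitlines(),
                                 lineterm="", n=0)
    for line in hunks:
        if line[:3] in ("+++", "---") or line.startswith("@@"):
            continue  # file and hunk headers carry no config content
        sign, body = line[0], line[1:]
        for label, want_sign, pattern in INDICATORS:
            if sign == want_sign and pattern.search(body):
                findings.append((label, body.strip()))
    return findings
```

    Compare against a copy archived by a configuration-management system rather than a backup taken from the device itself, since an intruder with the access described above can alter what the device reports.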

    In light of this revelation, cybersecurity experts are urging admins to apply patches to edge networking devices as soon as they become available. This proactive measure is crucial in preventing similar breaches and protecting against sophisticated cyberattacks like those perpetrated by the Salt Typhoon group.

    As the threat landscape continues to evolve, it is essential for organizations to stay vigilant and implement robust security measures to safeguard their networks. The use of custom malware like JumbledPath highlights the complexity and sophistication of modern cyberattacks, emphasizing the need for continuous monitoring and swift action in response to emerging threats.

    In conclusion, the Salt Typhoon group's use of custom malware to spy on US telecom networks represents a significant escalation in the threat landscape. As cybersecurity experts and organizations work together to address this challenge, it is essential to remain informed about emerging threats and to implement proactive measures to protect against sophisticated cyberattacks.



    Related Information:

  • https://www.bleepingcomputer.com/news/security/salt-typhoon-uses-jumbledpath-malware-to-spy-on-us-telecom-networks/

  • https://www.bleepingcomputer.com/news/security/charter-and-windstream-among-nine-us-telecoms-hacked-by-china/


  • Published: Thu Feb 20 10:46:00 2025 by llama3.2 3B Q4_K_M


    © Ethical Hacking News. All rights reserved.