Ethical Hacking News
China's Salt Typhoon espionage crew has compromised at least seven more telecommunications networks worldwide, after attempting to exploit more than 1,000 internet-facing Cisco devices, and has fed the resulting access to Chinese intelligence. The operation marks a significant escalation in the group's efforts to infiltrate major network providers.
Key points: The Salt Typhoon crew, allegedly backed by the Chinese government, had previously been linked to compromising at least nine US telecommunications companies and government networks. In this latest campaign it exploited two known vulnerabilities in the web UI of Cisco devices to gain unauthorized access to targeted networks, compromising at least seven major players. The activity is believed to have taken place between December 2024 and January 2025 and relied on a privilege escalation flaw and a command injection flaw in Cisco IOS XE that together yield root access. More than half of the targeted devices were located in the US, South America, and India. The attackers likely compiled their target list from devices associated with telecommunications providers' networks. In January the US sanctioned a Chinese company affiliated with Salt Typhoon.
The recent surge in high-profile cyber-attacks has brought attention to a sophisticated and ongoing operation conducted by a group known as Salt Typhoon. This cyber-spy crew, allegedly backed by the Chinese government, has been quietly compromising telecommunications networks around the world, breaching at least seven major providers in this latest campaign and exposing sensitive information to Chinese intelligence.
According to reports from Recorded Future's Insikt Group, the Salt Typhoon crew exploited vulnerabilities in Cisco devices to gain unauthorized access to these targeted networks. The group's modus operandi involved identifying internet-facing Cisco-made boxes and attempting to exploit over 1,000 of them before successfully breaching at least seven unpatched systems.
The campaign is believed to have run between December 2024 and January 2025, with the crew chaining two vulnerabilities in the web UI of Cisco IOS XE: CVE-2023-20198, a critical privilege escalation flaw that lets an unauthenticated remote attacker create an account with privilege level 15 (full administrative access), and CVE-2023-20273, a command injection flaw that lets such an account run commands as root. The root access was then used to establish persistent access to the targeted networks. Both flaws were patched by Cisco in October 2023; the devices breached here had not been updated. Cisco's standing guidance is to disable the HTTP server feature (no ip http server and no ip http secure-server) on internet-facing devices, or at minimum restrict it to trusted addresses with an access class, which closes the initial entry point regardless of patch level.
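Two checks follow directly from the paragraph above: is the web UI enabled and reachable on a device, and does the device's syslog show the traces that exploitation of these flaws leaves behind. The script below is an added example written for this article, not code from the article, Recorded Future, or Cisco. It audits an IOS XE running-config for the HTTP server lines and for privilege-15 accounts that are not on an allow-list (the allow-list name EXPECTED_ADMINS and the account names are assumptions), and it greps syslog for the two messages Cisco's advisory for CVE-2023-20198 lists as indicators: configuration changes made programmatically by the web UI process SEP_webui_wsma_http, and installs performed through the web UI (%WEBUI-6-INSTALL_OPERATION_INFO). The config and log lines are constructed for illustration.

```python
"""Audit a Cisco IOS XE running-config and syslog for exposure to, and
indicators of, CVE-2023-20198 / CVE-2023-20273 (web UI exploitation).

Added example for this article; not code from the article or from Cisco.
All sample input below is constructed."""
import re
from typing import Dict, List

# Log fragments that Cisco's advisory lists as indicators of web UI abuse:
# config pushed by the web UI process, and installs made through the web UI.
LOG_INDICATORS = (
    "SEP_webui_wsma_http",
    "%WEBUI-6-INSTALL_OPERATION_INFO",
)

# Hypothetical allow-list: admin accounts that are supposed to exist.
EXPECTED_ADMINS = {"netops"}

# Constructed running-config excerpt (fake secrets).
SAMPLE_CONFIG = """\
hostname edge-rtr-1
username netops privilege 15 secret 9 $9$abc123
username tmpadmin privilege 15 secret 9 $9$def456
ip http server
ip http secure-server
"""

# Constructed syslog lines modelled on the IOS XE message formats.
SAMPLE_SYSLOG = [
    "*Jan 14 03:42:13.001: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: netops] [Source: 10.0.0.5] [localport: 22]",
    "*Jan 14 03:42:20.120: %SYS-5-CONFIG_P: Configured programmatically by process SEP_webui_wsma_http from console as user on line",
    "*Jan 14 03:43:01.550: %WEBUI-6-INSTALL_OPERATION_INFO: User: tmpadmin, Install Operation: ADD flash:update.bin",
    "*Jan 14 03:45:00.000: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0/1, changed state to up",
]


def audit_config(config: str, expected_admins=EXPECTED_ADMINS) -> Dict[str, object]:
    """Report web UI exposure and privilege-15 accounts not on the allow-list."""
    http = https = restricted = False
    unexpected: List[str] = []
    for raw in config.splitlines():
        line = raw.strip()
        if line == "ip http server":
            http = True
        elif line == "ip http secure-server":
            https = True
        elif line.startswith("ip http access-class"):
            restricted = True  # ACL narrows exposure but does not remove the flaw
        m = re.match(r"username (\S+) privilege 15\b", line)
        if m and m.group(1) not in expected_admins:
            unexpected.append(m.group(1))
    fixes = []
    if http:
        fixes.append("no ip http server")
    if https:
        fixes.append("no ip http secure-server")
    return {
        "webui_enabled": http or https,
        "webui_exposed": (http or https) and not restricted,
        "unexpected_admins": unexpected,
        "fixes": fixes,
    }


def triage_syslog(lines: List[str]) -> List[str]:
    """Return syslog lines containing any of the published indicator strings."""
    return [line for line in lines if any(ind in line for ind in LOG_INDICATORS)]


if __name__ == "__main__":
    report = audit_config(SAMPLE_CONFIG)
    print("web UI enabled:", report["webui_enabled"], "| exposed without ACL:", report["webui_exposed"])
    print("unexpected privilege-15 accounts:", report["unexpected_admins"])
    print("recommended fixes:", report["fixes"])
    for hit in triage_syslog(SAMPLE_SYSLOG):
        print("INDICATOR:", hit)
```

The config audit is the preventive check (a device with the web UI disabled was never reachable by this chain); the syslog triage is the retrospective one, and a hit on either indicator on a device that was internet-facing during the campaign window warrants a full incident response, since the root-level command injection lets an intruder remove its own traces from the device.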
The scope of this operation is staggering, with more than half of the targeted devices located in the US, South America, and India. The majority of the attacks were linked to telecommunications providers, while more than a dozen universities were also targeted, apparently for access to technology-related research. The effort reads as a concerted attempt by China to compromise the world's telecommunications networks.
The Salt Typhoon crew has previously been linked to compromising at least nine US telecommunications companies and government networks, giving President Xi's agents real-time access to people's communications and whereabouts. In its latest move, the group infiltrated Cisco-supplied gear associated with a US internet service and telecommunications provider, a US affiliate of a "significant" UK-based telecom provider, an Italian ISP, and two other telecommunications firms.
The attackers likely compiled their list of target devices based on the devices' association with telecommunications providers' networks. They also appear to have targeted more than a dozen universities, including the University of California, Los Angeles (UCLA), the California State University Office of the Chancellor, Loyola Marymount University, and Utah Tech University, among others. The crew additionally conducted reconnaissance against multiple IP addresses owned by Mytel, a Myanmar-based telecom firm.
In January, the US issued sanctions on a Salt Typhoon-affiliated cybersecurity company, Sichuan Juxinhe Network Technology, which is based in Sichuan, China. This move signals an increased effort to counter state-backed cyber espionage in critical infrastructure.
The ongoing threat posed by the Salt Typhoon crew highlights the need for international cooperation and for basic hygiene on network edge devices: the two flaws exploited here had patches available for over a year, and the initial entry point is a management interface that should not face the internet at all. As highlighted by experts, "robust international cooperation is crucial for effectively countering these persistent threats."
Related Information:
https://go.theregister.com/feed/www.theregister.com/2025/02/13/salt_typhoon_pwned_7_more/
https://nvd.nist.gov/vuln/detail/CVE-2023-20198
https://www.cvedetails.com/cve/CVE-2023-20198/
https://nvd.nist.gov/vuln/detail/CVE-2023-20273
https://www.cvedetails.com/cve/CVE-2023-20273/
https://cybersecuritynews.com/chinese-apt-attacking-telecoms/
https://www.wired.com/story/chinas-salt-typhoon-spies-are-still-hacking-telecoms-now-by-exploiting-cisco-routers/
Published: Thu Feb 13 13:51:45 2025 by llama3.2 3B Q4_K_M