

Ethical Hacking News

Unpatched Cisco Routers Leave US Telecoms Vulnerable to Massive Chinese Cyber-Attack


Chinese hackers have breached more US telecoms through unpatched Cisco routers, leaving those organizations exposed to a large-scale cyber-attack. The Salt Typhoon group, known for its prolific cyber-espionage activity, exploited zero-day vulnerabilities in Cisco IOS XE network devices to gain unauthorized access to the networks of multiple telecommunications providers.

  • The Salt Typhoon group, a Chinese cyber-espionage operation, has breached multiple US telecoms via unpatched Cisco routers.
  • The hackers exploited two zero-day vulnerabilities in Cisco IOS XE network devices to gain unauthorized access to networks.
  • Over 1,000 Cisco network devices have been compromised, with more than half located in the US, South America, and India.
  • The breach highlights the ongoing threat posed by unsecured network devices and the need for immediate action from telecommunications providers and network administrators.
  • The Salt Typhoon group has been breaching telecom companies and government entities since at least 2019, making them one of the most prolific cyber-espionage groups in recent years.



Chinese hackers have breached more US telecoms via unpatched Cisco routers, highlighting the ongoing threat posed by unsecured network devices. The Salt Typhoon group, a notorious Chinese cyber-espionage operation, has been actively targeting telecommunications providers worldwide, including those in the United States.

According to Recorded Future's Insikt Group, the Salt Typhoon group has exploited two zero-day vulnerabilities in Cisco IOS XE network devices: CVE-2023-20198 and CVE-2023-20273. These exploits have enabled the hackers to gain unauthorized access to multiple telecommunications providers' networks, including a US internet service provider (ISP), a US-based affiliate of a UK telecommunications provider, a South African telecom provider, an Italian ISP, and a large Thai telecommunications provider.

The Insikt Group reported that Salt Typhoon has compromised over 1,000 Cisco network devices, more than half of them located in the US, South America, and India, a figure that represents roughly 8% of the exposed devices sampled. The hackers use generic routing encapsulation (GRE) tunnels to maintain persistent access to their targets' networks.

Salt Typhoon gains its foothold because unpatched Cisco IOS XE devices are left exposed on the Internet without adequate security controls. The Insikt Group advises administrators operating Internet-exposed Cisco IOS XE devices to apply the available security patches as soon as possible and to avoid exposing administration interfaces or non-essential services directly to the Internet.

The Salt Typhoon group's activities are part of a broader campaign confirmed by the FBI and CISA in October. In these attacks, the Chinese state hackers breached multiple US telecom carriers (including AT&T, Verizon, Lumen, Charter Communications, Consolidated Communications, and Windstream) and telecom companies in dozens of other countries.

While inside the US telecoms' networks, the Salt Typhoon group compromised the private communications of a limited number of US government officials and accessed the US law enforcement wiretapping platform. This highlights the severe threat posed by unsecured network devices and the need for immediate action from telecommunications providers and network administrators.

The Salt Typhoon group has been breaching telecom companies and government entities since at least 2019, making them one of the most prolific cyber-espionage groups in recent years. Their activities underscore the importance of regular security patches and vigilant monitoring to prevent similar breaches in the future.

In conclusion, the breach of US telecoms via unpatched Cisco routers highlights the ongoing threat posed by unsecured network devices. Network administrators and telecommunications providers must take immediate action to secure their networks and apply available security patches to prevent similar breaches in the future.
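As an added example (not from the article, Recorded Future, or Cisco), the following Python script audits a Cisco IOS XE running-config excerpt for the two conditions the guidance above targets: a web UI (`ip http server` / `ip http secure-server`) enabled without an `ip http access-class` restriction, and GRE tunnel interfaces that are not in an operator-supplied inventory. The sample config and the `known_tunnels` inventory are constructed inputs, not data from any real device.

```python
import re

# Constructed sample IOS XE running-config excerpt (not from any real device).
SAMPLE_CONFIG = """\
hostname edge-rtr-01
ip http server
ip http secure-server
!
interface GigabitEthernet0/0/0
 ip address 203.0.113.10 255.255.255.0
!
interface Tunnel0
 ip address 10.99.0.1 255.255.255.252
 tunnel source GigabitEthernet0/0/0
 tunnel destination 198.51.100.77
 tunnel mode gre ip
!
"""

def parse_interfaces(config):
    """Map each interface name to the list of its indented sub-commands."""
    blocks, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(maxsplit=1)[1]
            blocks[current] = []
        elif line.startswith(" ") and current is not None:
            blocks[current].append(line.strip())
        else:
            current = None  # a "!" separator or global command closes the block
    return blocks

def audit_ios_xe_config(config, known_tunnels=frozenset()):
    """Return findings: web UI enabled without an access-class, and GRE tunnels
    absent from known_tunnels (an assumed operator-maintained inventory)."""
    findings = []
    globals_ = [l.strip() for l in config.splitlines() if not l.startswith(" ")]
    web_ui = [g for g in globals_ if re.fullmatch(r"ip http (secure-)?server", g)]
    if web_ui and not any(g.startswith("ip http access-class") for g in globals_):
        findings.append("web UI enabled (%s) without ip http access-class" % ", ".join(web_ui))
    for name, lines in parse_interfaces(config).items():
        if any(l.startswith("tunnel mode gre") for l in lines) and name not in known_tunnels:
            dest = next((l.split()[-1] for l in lines if l.startswith("tunnel destination")), "?")
            findings.append(f"unexpected GRE tunnel {name} to {dest}")
    return findings

if __name__ == "__main__":
    for finding in audit_ios_xe_config(SAMPLE_CONFIG):
        print("FINDING:", finding)
```

Run it against a saved `show running-config` output; a device where the web UI is disabled and every GRE tunnel is inventoried produces no findings.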



Related Information:

  • https://www.bleepingcomputer.com/news/security/chinese-hackers-breach-more-us-telecoms-via-unpatched-cisco-routers/

  • https://nvd.nist.gov/vuln/detail/CVE-2023-20198

  • https://www.cvedetails.com/cve/CVE-2023-20198/

  • https://nvd.nist.gov/vuln/detail/CVE-2023-20273

  • https://www.cvedetails.com/cve/CVE-2023-20273/


Published: Fri Feb 14 08:26:33 2025 by llama3.2 3B Q4_K_M



© Ethical Hacking News. All rights reserved.
