The Chinese hacker group known as Salt Typhoon has continued its spree of breaking into telecom networks worldwide, including more in the US. Researchers at cybersecurity firm Recorded Future revealed that they’ve seen Salt Typhoon breach five telecoms and internet service providers and more than a dozen universities from Utah to Vietnam between December and January. The telecoms include one US internet service provider and telecom firm, and another US-based subsidiary of a UK telecom, although the specific identities of these victims were not disclosed.
“They’re super active, and they continue to be super active,” says Levi Gundert, who leads Recorded Future’s research team, Insikt Group. Salt Typhoon has exploited vulnerabilities in the web interfaces of Cisco’s IOS software, which operates on the networking giant’s routers and switches. These vulnerabilities grant the hackers initial access and root privileges, allowing them full control of the devices.
Recorded Future found over 12,000 Cisco devices whose web interfaces were exposed online, with hackers targeting over a thousand globally. They focused on a smaller subset of telecoms and university networks where they executed successful intrusions. For their selected targets, Salt Typhoon configured the hacked Cisco devices to connect to their own command-and-control servers via GRE tunnels—private communications channels—which they used to maintain access and steal data.
In response, Cisco pointed to an advisory it published in 2023, urging customers to follow outlined recommendations and upgrade to patched software versions.
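For defenders, the two conditions described above (a web interface left enabled, and GRE tunnels configured toward unfamiliar peers) can be checked in a device's saved configuration. The following Python check is an added example, not code from Recorded Future or Cisco; the sample configuration, the peer addresses and the function name audit_ios_config are constructed for illustration.

```python
import ipaddress

# Constructed sample of an IOS-style running-config (documentation IP ranges).
SAMPLE_CONFIG = """\
ip http server
no ip http secure-server
!
interface Tunnel0
 tunnel destination 192.0.2.10
!
interface Tunnel7
 tunnel source GigabitEthernet0/0
 tunnel destination 203.0.113.77
 tunnel mode gre ip
!
interface Tunnel9
 tunnel destination 198.51.100.5
 tunnel mode ipsec ipv4
!
"""

def audit_ios_config(config_text, approved_peers):
    """Return findings for an enabled web UI and GRE tunnels to unapproved peers."""
    approved = {ipaddress.ip_address(p) for p in approved_peers}
    findings, tunnels, current = [], {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if raw.startswith("interface "):
            name = raw.split()[1]
            current = name if name.lower().startswith("tunnel") else None
            if current:
                tunnels[current] = {"dest": None, "mode": "gre ip"}  # GRE is the IOS default mode
        elif not raw.startswith(" "):
            current = None  # left the interface block
            if line in ("ip http server", "ip http secure-server"):
                findings.append(("web-ui-enabled", line))
        elif current and line.startswith("tunnel destination "):
            tunnels[current]["dest"] = line.split()[2]
        elif current and line.startswith("tunnel mode "):
            tunnels[current]["mode"] = line[len("tunnel mode "):]
    for name, t in tunnels.items():
        if t["dest"] and t["mode"].startswith("gre"):
            try:
                known = ipaddress.ip_address(t["dest"]) in approved
            except ValueError:
                known = False  # hostname destination: treat as unapproved
            if not known:
                findings.append(("unapproved-gre-tunnel", f"{name} -> {t['dest']}"))
    return findings
```

Run against each device's configuration with the list of tunnel peers the network team actually provisioned; any finding is a prompt to review the device, not proof of compromise.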
Salt Typhoon’s data breach continues
Despite media exposure, government reports, and even sanctions issued by the US Treasury, Salt Typhoon has not altered its course.
On January 17, the Treasury sanctioned Sichuan Juxinhe Network Technology, a cybersecurity firm allegedly linked to Salt Typhoon’s operations. Yet Recorded Future has seen no slowdown in the hackers’ activities since that date. “That’s the disappointing part about this,” says Gundert. “Even with all the attention, we haven’t observed any real change in the volume or velocity of attacks, even in the same target demographic of telecommunications.”
A top FBI official said Wednesday that one of the most notable elements of the monumental hack of major telecommunications companies is just how “indiscriminate” it was in its pursuit of data. Cynthia Kaiser, deputy assistant director in the bureau’s cyber division, characterized the breach as “a different level of insidiousness” from Beijing, reflecting its “ambition and reckless aggression in cyberspace.”
The hack compromised a wide range of data, from law enforcement information to call records. Kaiser said the scope left no target out, not even children.
“Can any of you imagine a world in which China would have been stealing information about you as a 13-year-old?” she asked the audience. That’s precisely what American children are facing in this new era of big data and cyber espionage, and it will follow them no matter which careers or risks they choose in the future.
The Salt Typhoon hack is one of several recent notable incidents that have prompted calls for the United States to adopt a more aggressive stance in cyberspace with its own offensive operations. The breach has hit multiple additional networks worldwide since being publicized last year. It involves a Chinese national and a cybersecurity company based in Sichuan, China, accused of participating in the hacking campaign.