What country is at it again with continual hacking of providers?

The question this time is: What country is at it again with continual hacking of providers?

If you were to guess Russia, you’d be wrong, although nothing surprises me with them these days.

If you guessed the Koreas, they’ve not done that to my knowledge, but again, that would not necessarily surprise me either.

If you guessed China, you’re correct. For bonus question points, what group? If you guessed Salt Typhoon, you’re correct.

China’s Salt Typhoon hackers are still actively targeting telecoms worldwide and have breached more U.S. telecommunications providers via unpatched Cisco IOS XE network devices.

Recorded Future’s Insikt Group threat research division states that the Chinese hacking group (tracked as Salt Typhoon and RedMike) has exploited two Cisco IOS XE web UI vulnerabilities: the CVE-2023-20198 privilege escalation and the CVE-2023-20273 command injection.

These ongoing attacks have already resulted in network breaches at multiple telecommunications providers, including a U.S. internet service provider (ISP), a U.S.-based affiliate of a U.K. telecommunications provider, a South African telecom provider, an Italian ISP, and a large Thailand telecommunications provider.

My biggest question is why these 2023 CVEs still have not been patched. Oh, we don’t have to do that, we’re not aware of it, and even if we are, it’s not really our responsibility.

The threat researchers said they’ve spotted compromised and reconfigured Cisco devices on the victims’ networks, communicating with Salt Typhoon-controlled servers via generic routing encapsulation (GRE) tunnels for persistent access.

Between December 2024 and January 2025, Salt Typhoon targeted over 1,000 Cisco network devices, more than half from the U.S., South America, and India.

“Using internet scanning data, Insikt Group identified more than 12,000 Cisco network devices with their web UIs exposed to the internet,” Insikt Group said.

The research says that while 1,000 specific devices were targeted, this is only a small percentage of all the Cisco devices out there. That is 1,000 too many that haven’t been patched, and the article states that there are many more exposed devices that also have not been patched.
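The two conditions described above, an internet-facing web UI (the entry point for the 2023 CVEs) and GRE tunnels to attacker-controlled endpoints (the persistence method), are both visible in a device’s running configuration. The following is an added example, not code from the original article or from Recorded Future: a small Python audit that parses an exported IOS XE config and flags the web UI being enabled, GRE tunnels to destinations outside an allowlist, and privilege-15 local accounts that are not expected admins (CVE-2023-20198 was used to create exactly that kind of account). The sample config, the allowlisted tunnel destination and the expected admin name are all constructed for the example.

```python
"""Audit an exported Cisco IOS XE running-config for signs described in the post.

Added example; SAMPLE_CONFIG, the allowlists and the account names are constructed.
"""
import re
from dataclasses import dataclass
from typing import Dict, FrozenSet, Iterable, List, Optional, Tuple

# Constructed sample running-config, not taken from any real device.
SAMPLE_CONFIG = """\
hostname edge-rtr-01
!
username netops privilege 15 secret 9 $9$constructedhash
username svc_backup privilege 15 secret 9 $9$anotherconstructedhash
!
ip http server
ip http secure-server
!
interface Tunnel0
 description approved backup path
 ip address 10.255.0.1 255.255.255.252
 tunnel source GigabitEthernet0/0/0
 tunnel destination 198.51.100.2
!
interface Tunnel100
 ip address 172.31.9.1 255.255.255.252
 tunnel source GigabitEthernet0/0/1
 tunnel destination 203.0.113.77
 tunnel mode gre ip
!
interface GigabitEthernet0/0/0
 ip address 192.0.2.10 255.255.255.0
!
end
"""


@dataclass(frozen=True)
class Finding:
    severity: str  # "high" or "medium"
    item: str      # config object the finding is about (command, interface, user)
    detail: str


def split_blocks(config: str) -> Tuple[List[str], Dict[str, List[str]]]:
    """Return (global_lines, {interface_name: [stripped sub-commands]})."""
    global_lines: List[str] = []
    interfaces: Dict[str, List[str]] = {}
    current: Optional[str] = None
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line or line == "!":      # "!" separates IOS config sections
            current = None
            continue
        if line.startswith(" "):         # indented line belongs to the open block
            if current is not None:
                interfaces[current].append(line.strip())
            continue
        current = None
        m = re.match(r"interface (\S+)", line)
        if m:
            current = m.group(1)
            interfaces[current] = []
        else:
            global_lines.append(line)
    return global_lines, interfaces


def web_ui_findings(global_lines: List[str]) -> List[Finding]:
    """The 2023 CVEs are reachable only through the web UI, which these two
    commands enable; Cisco's mitigation is the `no ...` form of each."""
    return [Finding("high", cmd, "web UI enabled; disable or restrict it")
            for cmd in global_lines
            if cmd in ("ip http server", "ip http secure-server")]


def gre_tunnel_findings(interfaces: Dict[str, List[str]],
                        allowed: FrozenSet[str]) -> List[Finding]:
    """Flag GRE tunnels whose destination is not on the approved list.
    A Tunnel interface with no `tunnel mode` line defaults to GRE over IP."""
    out: List[Finding] = []
    for name, body in interfaces.items():
        if not name.lower().startswith("tunnel"):
            continue
        mode = next((l[len("tunnel mode "):].strip() for l in body
                     if l.startswith("tunnel mode ")), "gre ip")
        if not mode.startswith("gre"):
            continue
        dest = next((l.split()[-1] for l in body
                     if l.startswith("tunnel destination ")), None)
        if dest is None:
            out.append(Finding("medium", name, "GRE tunnel without a destination"))
        elif dest not in allowed:
            out.append(Finding("high", name, f"GRE tunnel to unapproved destination {dest}"))
    return out


def priv15_user_findings(global_lines: List[str],
                         expected_admins: FrozenSet[str]) -> List[Finding]:
    """Exploitation of CVE-2023-20198 created privilege-15 local users."""
    out: List[Finding] = []
    for line in global_lines:
        m = re.match(r"username (\S+) .*privilege 15\b", line)
        if m and m.group(1) not in expected_admins:
            out.append(Finding("high", m.group(1), "unexpected privilege-15 local account"))
    return out


def audit(config: str, allowed_destinations: Iterable[str],
          expected_admins: Iterable[str]) -> List[Finding]:
    global_lines, interfaces = split_blocks(config)
    return (web_ui_findings(global_lines)
            + gre_tunnel_findings(interfaces, frozenset(allowed_destinations))
            + priv15_user_findings(global_lines, frozenset(expected_admins)))


if __name__ == "__main__":
    # Hypothetical allowlists: 198.51.100.2 is the one approved GRE peer, netops the one admin.
    for f in audit(SAMPLE_CONFIG, {"198.51.100.2"}, {"netops"}):
        print(f"[{f.severity}] {f.item}: {f.detail}")
```

Against the constructed config this reports both web UI commands, Tunnel100 (destination 203.0.113.77 is not allowlisted) and the svc_backup account, while the approved Tunnel0 stays quiet. Run it over `show running-config` exports from your fleet; a config where the web UI has been turned off shows `no ip http server` and `no ip http secure-server`, which the check correctly does not flag.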

These breaches are part of a broader campaign confirmed by the FBI and CISA in October. In these attacks, the Chinese state hackers breached multiple U.S. telecom carriers (including AT&T, Verizon, Lumen, Charter Communications, Consolidated Communications, and Windstream) and telecom companies in dozens of other countries.

To read the entire article, here is the original piece, “ach more US telecoms via unpatched Cisco routers”, for your perusal.

I’ve taken this apart enough for discussion, so now it’s your turn.
