Security researchers say the Chinese government-linked hacking group Salt Typhoon is continuing to compromise telecommunications providers, despite the recent sanctions imposed on the group by the U.S. government.
In a report shared with TechCrunch, threat intelligence firm Recorded Future said it had observed Salt Typhoon — which the company tracks as “RedMike” — breaching five telecommunications companies between December 2024 and January 2025.
Salt Typhoon made headlines last September after it was revealed that the group had infiltrated several U.S. phone and internet giants, including AT&T and Verizon, to gain access to the private communications of senior U.S. government officials and political figures.
Salt Typhoon also hacked into the systems that law enforcement agencies use for court-authorized collection of customer data, probably accessing sensitive data such as the identities of Chinese targets of U.S. surveillance.
Recorded Future declined to name Salt Typhoon’s latest victims, but said they include a U.S.-based affiliate of a prominent U.K. telecommunications provider; a U.S. internet service provider; and telecommunications companies in Italy, South Africa and Thailand.
The hackers also carried out reconnaissance — the practice of covertly discovering and gathering information about a system — on several infrastructure assets operated by Myanmar-based telecommunications provider Mytel, according to Recorded Future.
To carry out these attacks, Salt Typhoon exploited two vulnerabilities (tracked as CVE-2023-20198 and CVE-2023-20273) to compromise unpatched Cisco devices running Cisco IOS XE software. The hacking group has tried to compromise more than 1,000 Cisco devices globally, focusing particularly on devices associated with telecommunications providers’ networks, Recorded Future said.
Recorded Future said it had also observed Salt Typhoon targeting devices associated with universities, including the University of California and Utah Tech. The researchers said the hacking group “probably targeted these universities to access research in areas related to telecommunications, engineering, and technology.”
The U.S. government has sanctioned companies linked to the group. In January, the U.S. Treasury Department — itself targeted by Chinese government hackers recently — said it had sanctioned a China-based cybersecurity company called Sichuan Juxinhe Network Technology, which it says is directly linked to Salt Typhoon.
Recorded Future’s researchers say that, despite this action, they expect Salt Typhoon to continue targeting telecommunications providers in the U.S. and elsewhere.