Recorded Future recently revealed that Salt Typhoon, a Chinese state-sponsored threat group, has not ceased its hacking activities against telecommunications providers. Last fall, Salt Typhoon made headlines after breaching major telecommunication carriers such as AT&T, Verizon, T-Mobile, and Lumen Technologies. The group’s espionage efforts resulted in the theft of sensitive communications related to law enforcement agency requests, including those involving political and government leaders.
Despite the detection and remediation of the telecom attacks last year, Salt Typhoon has persisted in its malicious actions. In a recent blog post, Recorded Future disclosed that between December and January, Salt Typhoon launched a campaign targeting over 1,000 Cisco devices worldwide, exploiting privilege escalation vulnerabilities identified as CVE-2023-20198 and CVE-2023-20273. The Insikt Group at Recorded Future reported that during this campaign, five companies experienced compromises, including a U.S. telecom and internet service provider, as well as a U.S.-based affiliate of a U.K. telecom provider.
The publication of Recorded Future’s report coincided with the shutdown of the Cyber Safety Review Board (CSRB), which was investigating Salt Typhoon and the telecom breaches from the previous year. The cessation of the CSRB’s activities was attributed to a cost-cutting initiative within the Department of Homeland Security.
In response to these ongoing cybersecurity threats, Informa TechTarget editors Rob Wright and Alexander Culafi delved into the details of Salt Typhoon’s persistent hacking activities on a recent episode of the Risk & Repeat podcast. Culafi, a senior information security news writer and podcast host for TechTarget Editorial, highlighted the significance of continued vigilance in the face of evolving cyber threats, such as those posed by Salt Typhoon.
The revelations regarding Salt Typhoon’s continued targeting of telecommunications providers underscore the persistent challenges faced by organizations in safeguarding their networks and sensitive data. As state-sponsored threat actors like Salt Typhoon demonstrate a willingness to exploit vulnerabilities for strategic gain, cybersecurity professionals must remain proactive in implementing robust defense measures and incident response protocols.
Moving forward, it will be crucial for industry stakeholders to collaborate on threat intelligence sharing and cybersecurity best practices to mitigate the impact of malicious actors like Salt Typhoon. By staying informed about emerging threats and investing in comprehensive security solutions, organizations can better fortify their defenses against evolving cyber threats and safeguard their critical infrastructure and data assets from exploitation.