According to security experts, the hacking collective Salt Typhoon, which is associated with the Chinese government, continues to infiltrate telecom providers, undeterred by recent sanctions from the U.S. government against it.
In a report provided to TechCrunch, the threat intelligence firm Recorded Future revealed that they have tracked Salt Typhoon—referred to as “RedMike”—as it breached five telecom companies between December 2024 and January 2025.
Salt Typhoon gained media attention last September when it was disclosed that the group had accessed the networks of several major U.S. telecommunications companies, such as AT&T and Verizon, allowing them to surveil private communications of high-ranking U.S. officials and political leaders.
The group also breached the systems utilized by law enforcement for the court-ordered gathering of customer information, which may have allowed them to obtain sensitive data on Chinese individuals targeted by U.S. intelligence efforts.
Although Recorded Future refrained from disclosing the identities of the most recent victims of Salt Typhoon, they did state that those targeted include a U.S. affiliate of a prominent telecommunications provider from the U.K., a U.S.-based internet service company, and telecom operators located in Italy, South Africa, and Thailand.
The hackers conducted reconnaissance efforts—secretly gathering data about a system—on numerous infrastructure assets belonging to Myanmar’s Mytel, as reported by Recorded Future.
To execute these attacks, Salt Typhoon exploited two security vulnerabilities (designated as CVE-20232-0198 and CVE-2023-20273) to compromise unprotected Cisco devices utilizing Cisco IOS XE software. According to Recorded Future, the hacking group has attempted to breach over 1,000 Cisco devices globally, with a particular emphasis on devices linked to telecom networks.
Furthermore, Recorded Future indicated that Salt Typhoon has targeted devices associated with academic institutions, including the University of California and Utah Tech. Researchers believe the group may be interested in these universities to gain access to research in communications, engineering, and technology.
In response to these threats, the U.S. government has placed sanctions on firms tied to the group. In January, the U.S. Treasury Department, which itself has been a target of Chinese government cyberattacks, announced sanctions against Sichuan Juxinhe Network Technology, a cybersecurity firm based in China that is said to have direct ties to Salt Typhoon.
Despite these measures, researchers at Recorded Future predict that Salt Typhoon will persist in targeting telecommunications providers in the U.S. and beyond.
Compiled by Techarena.au.
Fanpage: TechArena.au
Watch more about AI – Artificial Intelligence
