
Risk & Repeat: Salt Typhoon hasn't stopped hacking
Although the Salt Typhoon telecom breaches from last year appear to have been remediated, the Chinese state-sponsored threat group continues to target critical organizations.
Salt Typhoon is still hacking telecommunications providers, according to research from Recorded Future.
Salt Typhoon is a Chinese state-sponsored threat group that gained significant attention last fall when it breached major telecom carriers, including AT&T, Verizon, T-Mobile and Lumen Technologies. In one of the most high-profile incidents of cyberespionage in recent memory, the group was found to have stolen sensitive communications for law enforcement agency requests, including those connected to political and government leaders.
While the telecom attacks last fall were detected and ultimately remediated, Salt Typhoon continued its malicious activity. Recorded Future published a blog post last week detailing a campaign it observed involving Salt Typhoon. Researchers found that between December and January, the nation-state threat group targeted more than 1,000 Cisco devices globally using privilege escalation flaws CVE-2023-20198 and CVE-2023-20273. Recorded Future's Insikt Group reported that five companies were compromised during the campaign, including a U.S. telecom and internet service provider and a U.S.-based affiliate of a U.K. telecom provider.
Recorded Future published its report only a few weeks after the U.S. Cyber Safety Review Board (CSRB) was shut down in a cost-cutting move. At the time, the CSRB was in the process of investigating Salt Typhoon and the telecom breaches that occurred last fall.
Informa TechTarget editors Rob Wright and Alex Culafi discuss Salt Typhoon's ongoing activities on the Risk & Repeat podcast.
Alexander Culafi is a senior information security news writer and podcast host for Informa TechTarget.