Chinese salt typhoon pirates continue to break telecommunications companies despite American sanctions
Security researchers said the Piracy Linked to the Chinese government, Salt Typhoon, continues to compromise telecommunications suppliers, despite the Recent sanctions imposed by the United States government on the group.
In a report shared with Techcrunch, the threat intelligence company recorded the future said that it had observed Salt typhoon – that the company follows as “Redmike” – rape five telecommunications companies between December 2024 and January 2025.
Salt Typhoon made the headlines last September after having been revealed that the group had infiltrated several American telephone and internet giants, notably AT&T and Verizon, to access private communications from senior American officials and political figures.
Typhon of salt too pirated in systems that the organizations responsible for the application of laws use for the collection of customer data by the court, potentially accessing sensitive data such as the identity of Chinese targets of American surveillance.
The recorded future refused to appoint the latest victims of Salt Typhoon, but said they understood an American subsidiary of an eminent British telecommunications supplier; An American Internet service provider and telecommunications companies in Italy, South Africa and Thailand.
The pirates also carried out recognition – the practice of discovery and collecting information on a system – on several infrastructure assets managed by Mytel, a telecommunications supplier based in Myanmar.
To carry out these attacks, Salt Typhoon has exploited two vulnerabilities (followed under the name of CVE-20232-0198 and CVE-2023-20273) to compromise non-corrected CISCO devices running the Cisco iOS XE software. The hacking group has tried to compromise more than 1,000 Cisco devices worldwide, particularly focusing on devices associated with telecommunications supplier networks, said the future recorded.
Registered Future said that he also observed targeting devices of the Salt-Typhoon typhoon associated with universities, including the University of California and Utah Tech. The researchers said that the hacking group “may have targeted these universities to access research in fields related to telecommunications, engineering and technology”.
The US government has sanctioned companies related to the group. In January, the American Treasury Department – Himself targeted by Chinese pirates Recently – said that it had sanctioned a cybersecurity company based in China known as the Sichuan Juxinhe network technology, which, according to her, is directly linked to the typhoon of Salt.
The researchers of the recorded future say that, despite this action, he expects that Salt Typhoon continues to target telecommunications suppliers in the United States and elsewhere.
