Security researchers say that the Chinese government attached hacking group, Salt Typhoon, continues to compromise telecommunications providers, despite the Recent sanctions imposed by the US government on the group.
In a report shared with Techcrunch, a threatening smart company registered a future said it was observed Salt typhoon – The company tracks as “Redmike” – breaking five telecommunications companies between December 2024 and January 2025.
Salt Typhoon made titles last September after it was revealed that the group infiltrated several US telephone and online giants, including AT&T and Verizon, to gain access to the private communications of senior US government officials and political figures.
Salt -type too chopped into the systems that police agencies use for a court-permitted collection of customer data, possibly accessing sensitive data as the identities of Chinese surveillance purposes.
A registered future refused to call the latest victims of Salt Typhoon, but said they include a US branch of a leading UK telecommunications provider; US Internet Service Provider, and Telecommunications Companies in Italy, South Africa and Thailand.
The hackers have also fulfilled recognition-the practice of secretly discovering and gathering information on multiple infrastructure assets operated by Myanmar-based telecommunications supplier, Mytel, according to a registered future.
To carry out these attacks, Salt Typhoon exploited two vulnerabilities (tracked as CVE-20232-0198 and CVE-2023-20273) to compromise unpaved Cisco devices with Cisco iOS XE software. The hacking group has tried to compromise more than 1,000 CISCO devices worldwide, focusing mainly on devices associated with the networks of telecommunications providers, a registered future said.
A recorded future said it also observed salt typhoons from Salt Typhoon associated with universities, including the University of California and Utah technique. The researchers said the hacking group “may have aimed at these universities to access research in areas related to telecommunications, engineering and technology.”
The US government sanctioned companies related to the group. In January, the US Treasury – self intended by Chinese government hackers Recently said it has sanctioned a Chinese-based cybersecurity company known as Sichuan Juxinhe Network Technology, which it says it is directly linked to Salt Typhoon.
Researchers from a registered future say despite this action, it is expected that Salt Typhoon will continue to target telecommunications providers in the United States and elsewhere.
