When the Chinese The group of pirates known as Salt Typhoon was revealed that last fall, it deeply penetrated large American telecommunications companies – ultimately passed no less than nine of the target holders and accessing the texts and calls of the calls of Real -time Americans – This hacking campaign was treated as a four fire alarms by the US government. However, even after a very publicized exhibition of these pirates, they continued their series of telecommunications networks worldwide, including more in the United States.
Researchers from the Cybersecurity Company recorded future Wednesday evening revealed in a report that they saw the typhoon of Salt rape five telecommunications and internet service providers around the world, as well as more than a dozen universities From Utah to Vietnam, all between December and January. Telecommunications include an American Internet service provider and a telecommunications company and another American subsidiary of a British telecommunications, according to the company analysts, although they refused to appoint these victims to Wired.
“They are super active and they continue to be super active,” explains Levi Gundert, who heads the future recorded research team known as the Insikt group. “I think there is just a general underestimation of their aggressiveness to transform telecommunications networks into Swiss cheese.”
To carry out this latest intrusions campaign, Salt Typhoon – which recorded future tracks under its own name, Redmike, rather than the handle of Typhon created by Microsoft – targeted the web interfaces exposed to the Internet of the iOS software in Cisco , which runs on the giant routers and switches. The hackers have exploited two different vulnerabilities in the code of these devices, one of which grants initial access, and another which provides root privileges, giving pirates total control of often powerful equipment with access to the network of A victim.
“Whenever you are integrated into communication networks on infrastructure such as routers, you have the Kingdom keys in what you can access and observe and exfiltrate,” explains Gundert.
Recorded Future has found more than 12,000 Cisco devices whose web interfaces were exposed online, and says that hackers have targeted more than a thousand of these devices in the world. Among these, they seem to have focused on a smaller telecommunications and university networks whose Cisco devices they have successfully exploited. For the selected targets, Salt Typhoon has configured the Pirated Cisco Devices to connect to the own control and harass control servers via generic routing encapsulation, or GRE tunnels – a protocol used to configure private communication channels – Then used these connections to maintain their access and flight data.
When cable contacted Cisco to comment, the company underlined a security notice He published on vulnerabilities in the web interface of his iOS software in 2023. “We continue to highly urge customers to follow the recommendations described in the advice and to go to the fixed version available,” wrote a spokesperson in a press release.
Network hacking devices as indicated in targeting victims – often by exploiting the known vulnerabilities that the owners of devices have not been able to correct – have become a standard operational procedure for the salt typhoon and other groups Chinese piracy. This is partly because these network devices do not have many security controls and surveillance software that have been extended to more traditional IT devices such as servers and PCs. Future notes recorded in its report according to which the sophisticated Chinese spy teams have targeted these vulnerable network devices as a main intrusion technique for at least five years.
