Salt Typhoon
Canada says Salt Typhoon hacked telecom firm via Cisco flaw
The Canadian Centre for Cyber Security and the FBI confirm that the Chinese state-sponsored ‘Salt Typhoon’ hacking group is also targeting Canadian telecommunication firms, breaching a telecom provider in February. During the February 2025 incident, Salt Typhoon exploited the CVE-2023-20198 flaw, a critical Cisco IOS XE vulnerability allowing remote, unauthenticated attackers to create arbitrary accounts and gain admin-level privileges. The flaw […]
Telecom giant Viasat breached by China’s Salt Typhoon hackers
Satellite communications company Viasat is the latest victim of China’s Salt Typhoon cyber-espionage group, which has previously hacked into the networks of multiple other telecom providers in the United States and worldwide. Viasat provides satellite broadband services to governments worldwide and aviation, military, energy, maritime, and enterprise customers. Last month, the telecom giant told shareholders that it […]
FBI seeks help to unmask Salt Typhoon hackers behind telecom breaches
The FBI has asked the public for information on Chinese Salt Typhoon hackers behind widespread breaches of telecommunications providers in the United States and worldwide. In October, the FBI and CISA confirmed that the Chinese state hackers had breached multiple telecom providers (including AT&T, Verizon, Lumen, Charter Communications, Consolidated Communications, and Windstream) and many other telecom companies […]
Chinese hackers use custom malware to spy on US telecom networks
The Chinese state-sponsored Salt Typhoon hacking group uses a custom utility called JumbledPath to stealthily monitor network traffic and potentially capture sensitive data in cyberattacks on U.S. telecommunication providers. Salt Typhoon (aka Earth Estries, GhostEmperor, and UNC2286) is a sophisticated hacking group active since at least 2019, primarily focusing on breaching government entities and telecommunications companies. […]
Chinese hackers breach more US telecoms via unpatched Cisco routers
China’s Salt Typhoon hackers are still actively targeting telecoms worldwide and have breached more U.S. telecommunications providers via unpatched Cisco IOS XE network devices. Recorded Future’s Insikt Group threat research division states that the Chinese hacking group (tracked Salt Typhoon and RedMike) has exploited the CVE-2023-20198 privilege escalation and CVE-2023-20273 Web UI command injection vulnerabilities. These ongoing attacks have […]
FCC orders telecoms to secure their networks after Salt Tyhpoon hacks
The Federal Communications Commission (FCC) has ordered U.S. telecommunications carriers to secure their networks following last year’s Salt Typhoon security breaches. Today’s action comes after FCC Chairwoman Jessica Rosenworcel said in early December that the FCC would act “urgently” to require U.S. carriers to secure their systems from cyberattacks. “We now have a choice to make. We […]
Chinese hackers also breached Charter and Windstream networks
More U.S. companies have been added to the list of telecommunications firms hacked in a wave of breaches by a Chinese state-backed threat group tracked as Salt Typhoon. This comes after AT&T, Verizon, and Lumen confirmed on December 30 that they have evicted the hackers from their networks. After breaching their networks, the Salt Typhoon hackers gained access […]
AT&T and Verizon say networks secure after Salt Typhoon breach
AT&T and Verizon confirmed they were breached in a massive Chinese espionage campaign targeting telecom carriers worldwide but said the hackers have now been evicted from their networks. “We have not detected threat actor activity in Verizon’s network for some time, and after considerable work addressing this incident, we can report that Verizon has contained the activities […]
White House links ninth telecom breach to Chinese hackers
A White House official has added a ninth U.S. telecommunications company to the list of telecoms breached in a Chinese hacking campaign that impacted dozens of countries. The Salt Typhoon Chinese cyber-espionage group who orchestrated these attacks (also tracked as Earth Estries, FamousSparrow, Ghost Emperor, and UNC2286) is known for breaching government entities and telecom companies […]
CISA urges switch to Signal-like encrypted messaging apps after telecom hacks
Today, CISA urged senior government and political officials to switch to end-to-end encrypted messaging apps like Signal following a wave of telecom breaches across dozens of countries, including eight carriers in the United States. CISA and the FBI confirmed these breaches in late October after reports that the Salt Typhoon, a Chinese-backed threat group, had hacked multiple U.S. […]