
The Canadian Centre for Cyber Security and the FBI confirmed that the Chinese state-sponsored ‘Salt Typhoon’ hacking group is also targeting Canadian telecom firms, breaching a telecom provider in February.
During the February 2025 incident, Salt Typhoon exploited CVE-2023-20198, a critical Cisco IOS XE vulnerability that allows remote, unauthenticated attackers to create arbitrary accounts and obtain administrator-level privileges.
The flaw was first disclosed in October 2023, when it was reported that threat actors had exploited it as a zero-day to hack more than 10,000 devices.
Despite the significant time that has passed, at least one major telecommunications provider in Canada had still not patched, giving Salt Typhoon an easy way to compromise the devices.
“Three network devices registered to a Canadian telecom company were compromised by Salt Typhoon actors in mid-February 2025,” the bulletin reads.
“The actors exploited CVE-2023-20198 to retrieve the running configuration files from all three devices and modified at least one file to configure a GRE tunnel, to enable traffic collection from the network.”
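As an added example (not from the bulletin or the original article), the following Python audits a saved IOS XE running configuration for the two changes described above: unexpected privilege-15 local accounts and GRE tunnel interfaces pointing at unapproved peers. The sample configuration, the allowlists and the function names are constructed for illustration, and the code assumes that a tunnel interface with no `tunnel mode` line uses the IOS default, GRE over IP.

```python
import re
# Constructed sample running-config (not taken from any real device).
SAMPLE_CONFIG = """\
username netadmin privilege 15 secret 9 $9$constructed
username svc_backup privilege 15 secret 9 $9$constructed
username readonly privilege 1 secret 9 $9$constructed
!
interface GigabitEthernet0/0/0
 ip address 192.0.2.1 255.255.255.0
!
interface Tunnel10
 tunnel source GigabitEthernet0/0/0
 tunnel destination 198.51.100.7
!
interface Tunnel20
 tunnel destination 203.0.113.50
 tunnel mode ipsec ipv4
!
"""

def interface_blocks(config):
    """Yield (interface name, indented sub-commands) for each interface stanza."""
    name, body = None, []
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m or (name and not line.startswith(" ")):
            if name:
                yield name, body
            name, body = (m.group(1) if m else None), []
        elif name:
            body.append(line.strip())
    if name:
        yield name, body

def audit(config, approved_admins, approved_gre_peers):
    """Return findings for unknown privilege-15 users and unapproved GRE tunnels."""
    findings = []
    for m in re.finditer(r"^username (\S+) privilege 15\b", config, re.M):
        if m.group(1) not in approved_admins:
            findings.append(("unexpected-admin", m.group(1)))
    for name, body in interface_blocks(config):
        dest = next((l.split()[2] for l in body if l.startswith("tunnel destination ")), None)
        # Assumption: no "tunnel mode" line means the IOS default, GRE over IP.
        mode = next((l.split(None, 2)[2] for l in body if l.startswith("tunnel mode ")), "gre ip")
        if name.lower().startswith("tunnel") and mode.startswith("gre") and dest not in approved_gre_peers:
            findings.append(("unapproved-gre-tunnel", f"{name} -> {dest}"))
    return findings
```

Calling `audit(SAMPLE_CONFIG, {"netadmin"}, set())` flags the `svc_backup` account and `Tunnel10`; in practice the allowlists would come from a known-good configuration baseline.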
In October 2024, after Salt Typhoon breached several American broadband providers, Canadian officials flagged reconnaissance activity that targeted dozens of major organizations in the country.
No actual breaches were confirmed at that time, and despite the call to increase security, some critical service providers did not take the necessary action.
The Cyber Centre notes that, based on separate investigations and crowd-sourced intelligence, Salt Typhoon-linked activity likely extends beyond the telecom sector, targeting many other industries.
In many cases, activity is limited to reconnaissance, although data stolen from internal networks can be used for lateral movement or supply chain attacks.
The Cyber Centre warned that attacks against Canadian organizations will “almost certainly continue” over the next two years, and urged critical organizations to protect their networks.
Telecom service providers, which handle valuable data such as call metadata, customer location data, SMS content, and government/political communications, are top targets for state-sponsored espionage groups.
Their attacks typically target edge devices at the network perimeter, such as routers, firewalls, and VPN appliances, while MSPs and cloud vendors are also targeted for indirect attacks on their customers.
The Cyber Centre's bulletin lists resources that provide hardening guidance for critical infrastructure operators.
Salt Typhoon attacks have affected many telecom companies in dozens of countries, including AT&T, Verizon, Lumen, Charter Communications, Consolidated Communications, and Windstream.
Last week, Viasat also confirmed that Salt Typhoon had breached it, but said customer data was not affected.


