Chinese Salt Typhoon spies are still hacking telecoms, now by exploiting Cisco routers
When the Chinese hacker group known as Salt Typhoon was discovered last fall to have deeply penetrated major American telecommunications companies, breaching at least nine of the phone carriers and gaining access to Americans' texts and calls in real time, the hacking campaign was treated as a four-alarm fire by the US government. Yet even after those hackers were exposed, they have continued to break into telecommunications networks around the world, including more in the United States.
Researchers at the cybersecurity firm Recorded Future revealed in a report on Wednesday night that they have seen Salt Typhoon breach five telecommunications and internet service providers around the world, as well as more than a dozen universities from Utah to Vietnam, all between December and January. The telecoms include one US-based internet service provider and telecommunications company and another US-based subsidiary, according to the company's analysts, though they declined to name those victims to Wired.
"They're super active, and they continue to be super active," says Levi Gundert, who leads Recorded Future's research team known as the Insikt Group. "I think there's just a general failure to appreciate how aggressive they are in turning telecommunications networks into Swiss cheese."
To carry out this latest intrusion campaign, Salt Typhoon, which Recorded Future tracks under its own name, RedMike, rather than the Typhoon handle coined by Microsoft, targeted the exposed web interfaces of Cisco's IOS XE software, which runs on the networking giant's routers and switches. The hackers exploited two different vulnerabilities in those devices' code, one that provides initial access and another that provides root privileges, giving the hackers full control of often high-powered equipment with access to a victim's network.
"Any time you're embedded in communications infrastructure like routers, you have the keys to the kingdom in what you're able to access and observe and exfiltrate," says Gundert.
Recorded Future found more than 12,000 Cisco devices whose web interfaces were exposed online, and says the hackers targeted more than a thousand of those devices installed in networks around the world. They appear to have focused on a smaller subset of telecommunications and university networks whose Cisco devices they successfully exploited. For those selected targets, Salt Typhoon configured the hacked Cisco devices to connect to the hackers' own command-and-control servers via generic routing encapsulation, or GRE, tunnels, a protocol used to create private communication channels, in order to maintain their access and steal data.
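The two exposure indicators described above, an enabled device web interface and GRE tunnels terminating at hosts the operator never approved, are both visible in a router's running configuration. The following is an added defender-side example, not code from Wired, Recorded Future or Cisco: it parses an IOS-style configuration and flags those two conditions against an operator allowlist of tunnel peers. The sample configuration is constructed for illustration, the tunnel destination addresses are documentation-range placeholders rather than real indicators, and the allowlist is an assumed input that each operator would supply from their own change records.

```python
"""Audit a Cisco IOS-style running-config for an enabled web UI and for GRE
tunnels whose destination is not on an operator allowlist.

Added example; constructed sample data, not captured from any real device."""
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample running-config (placeholder addresses, not real IoCs).
SAMPLE_CONFIG = """\
hostname edge-rtr-01
!
ip http server
ip http secure-server
!
interface Tunnel0
 description site-to-site backup
 ip address 10.99.0.1 255.255.255.252
 tunnel source GigabitEthernet0/0
 tunnel destination 10.20.30.40
 tunnel mode gre ip
!
interface Tunnel7
 ip address 172.31.250.1 255.255.255.252
 tunnel source GigabitEthernet0/0
 tunnel destination 203.0.113.77
!
interface GigabitEthernet0/0
 ip address 198.51.100.10 255.255.255.0
"""


@dataclass
class Tunnel:
    name: str
    source: str = ""
    destination: str = ""
    mode: str = "gre ip"  # IOS default tunnel mode when none is configured


def parse_tunnels(config: str) -> List[Tunnel]:
    """Walk interface blocks and collect Tunnel interfaces with their settings."""
    tunnels: List[Tunnel] = []
    current: Optional[Tunnel] = None
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line.startswith(" "):  # a top-level command ends any block
            current = None
            m = re.match(r"interface (Tunnel\d+)$", line)
            if m:
                current = Tunnel(name=m.group(1))
                tunnels.append(current)
            continue
        if current is None:
            continue
        parts = line.split()
        if parts[:2] == ["tunnel", "source"]:
            current.source = " ".join(parts[2:])
        elif parts[:2] == ["tunnel", "destination"]:
            current.destination = parts[2]
        elif parts[:2] == ["tunnel", "mode"]:
            current.mode = " ".join(parts[2:])
    return tunnels


def web_ui_enabled(config: str) -> List[str]:
    """Return the 'ip http ...' commands that enable the device web interface."""
    return [l.strip() for l in config.splitlines()
            if re.fullmatch(r"ip http (secure-)?server", l.strip())]


def audit(config: str, allowed_peers: set) -> List[str]:
    """Produce human-readable findings; an empty list means nothing was flagged."""
    findings = []
    for cmd in web_ui_enabled(config):
        findings.append(f"web UI enabled ({cmd}); confirm it is unreachable from untrusted networks")
    allowed_nets = [ipaddress.ip_network(p) for p in allowed_peers]
    for t in parse_tunnels(config):
        if not t.mode.startswith("gre"):
            continue  # only GRE tunnels are in scope here
        if not t.destination:
            findings.append(f"{t.name}: GRE tunnel without a destination")
            continue
        dst = ipaddress.ip_address(t.destination)
        if not any(dst in net for net in allowed_nets):
            findings.append(f"{t.name}: GRE tunnel to unapproved peer {t.destination}")
    return findings


if __name__ == "__main__":
    # Assumed allowlist: only peers inside 10.0.0.0/8 are sanctioned tunnel endpoints.
    for finding in audit(SAMPLE_CONFIG, {"10.0.0.0/8"}):
        print(finding)
```

Run against a configuration pulled on a schedule, a new tunnel interface or an unexpected destination shows up as a diff between audits, which is the kind of change a device without host-based monitoring would otherwise not surface.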
When Wired reached out to Cisco for comment, the company pointed to a security advisory it published about the vulnerabilities in the web interface of its IOS XE software in 2023. "We continue to urge customers to follow the recommendations outlined in the advisory and upgrade to the available fixed software release," a spokesperson wrote in a statement.
Hacking network appliances as entry points for targeting victims, often by exploiting known vulnerabilities that device owners have failed to patch, has become standard operating procedure for Salt Typhoon and other Chinese hacking groups. That is partly because these network devices lack many of the security controls and monitoring software that have been deployed on more traditional computing devices such as servers and PCs. Recorded Future notes in its report that sophisticated Chinese espionage teams have targeted these vulnerable network appliances as a primary intrusion technique for at least five years.