Salt Typhoon strikes again - more US ISPs, universities and telecoms networks hit by Chinese hackers

China
(Image credit: Shutterstock)

  • Security researchers from Recorded Future observe new Salt Typhoon activity
  • The threat actor is still going after ISPs and universities in the west
  • The group is abusing flaws in Cisco gear to hit new targets

Salt Typhoon, a Chinese state-sponsored threat actor best known for recently breaching almost a dozen telecom providers in the US, has struck again, hitting not just American organizations, but also those from the UK, South Africa, and elsewhere around the world.

The latest intrusions were spotted by cybersecurity researchers from Recorded Future, which said the group is targeting internet-exposed web interfaces of Cisco’s IOS software that powers different routers and switches. These devices have known vulnerabilities that the threat actors are actively exploiting to gain initial access, root privileges, and more.

More than 12,000 Cisco devices were found connected to the wider internet, and exposed to risk, Recorded Future further explained. However, Salt Typhoon is focusing on a “smaller subset” of telecoms and university networks.

Recent activity

This “smaller subset” of targets includes US internet service providers and telecommunications firms, a US affiliate of a UK telecom, telecoms in South Africa and Thailand, an internet service provider in Italy, different universities around the world (Argentina, Bangladesh, Indonesia, Malaysia, Mexico, Netherland, Thailand, Vietnam, and the US).

All of this activity was spotted between December 2024, and January 2025, meaning the group is currently quite active.

“They’re super active, and they continue to be super active,” Levi Gundert, who leads Recorded Future's research team known as Insikt Group, told Wired. “I think there's just a general under-appreciation for how aggressive they are being in turning telecommunications networks into Swiss cheese.”

Cisco also chimed in, saying that the vulnerabilities Salt Typhoon is exploiting have all been fixed, and urged users to apply the available patches as soon as possible.

Unpatched n-day vulnerabilities are low-hanging fruit for cybercriminals, since they already have a working exploit and a proof-of-concept for malware infections, which makes their work relatively easy.

Via Wired

You might also like

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.

Read more
China
Salt Typhoon hackers used this clever technique to attack US networks
Flag of the People's Republic of China overlaid with a technological network of wires and circuits.
Salt Typhoon attacks may have hit more US firms than previously thought
China
AT&T and Verizon say they're free of Salt Typhoon hacks at last, as further victims identified
An American flag flying outside the US Capitol building against a blue sky
Chinese cybersecurity firm sanctioned by US Treasury over alleged links to Salt Typhoon hackers
China
Chinese hackers targeting Juniper Networks routers, so patch now
Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol
Cisco, ASUS, QNAP, and Synology devices hijacked to major botnet
Latest in Security
A man holds a smartphone iPhone screen showing various social media apps including YouTube, TikTok, Facebook, Threads, Instagram and X
A worrying Apple Password App vulnerability reportedlyleft users exposed for months
DeepSeek
Fake DeepSeek installers are infecting your device with dangerous malware
AI tools.
Not even fairy tales are safe - researchers weaponise bedtime stories to jailbreak AI chatbots and create malware
Data leak
Top California sperm bank suffers embarrassing leak
An Android phone being held in the hand
These malicious Android apps were installed over 60 million times - here's how to stay safe
ransomware avast
Billions of credentials were stolen from businesses around the world in 2024
Latest in News
Stability AI 3D Video
Stability AI’s new virtual camera turns any image into a cool 3D video and I’m blown away by how good it is
A man holds a smartphone iPhone screen showing various social media apps including YouTube, TikTok, Facebook, Threads, Instagram and X
A worrying Apple Password App vulnerability reportedlyleft users exposed for months
Google Pixel 9a
Google is delaying the Pixel 9a to fix a mystery “component quality issue”
The bottom left corner of an Android phone, showing the Phone, Messages, Google icons and Google Search bar
Google Messages remote delete will soon save you from texting embarrassment – and here's how it works
ExpressVPN mobile app and Aircove
ExpressVPN ‘reduces workforce’ for the second time in two years
The Nanoleaf PC Screen Mirror Lightstrip being used on a desktop computer.
Mac gaming could get an intriguing boost – but not in the way you'd expect