Recommended reading

Top Canadian telecom firms may have been hit by Chinese Salt Typhoon hackers

News
By published

Hackers may have exploited a critical Cisco flaw

Pirate skull cyber attack digital technology flag cyber on on computer CPU in background. Darknet and cybercrime banner cyberattack and espionage concept illustration.
(Image credit: Shutterstock)
  • Canadian telecom firms have been hit with a cyberattack
  • Chinese threat actor Salt Typhoon is suspected to be behind the attacks
  • Hackers exploited an existing Cisco flaw to gain access

The Canadian Centre for Cyber Security, alongside the FBI, have confirmed hackers were able to gain access to three network devices registered to a Canadian Telecommunications company.

“The Cyber Centre is aware of malicious cyber activities currently targeting Canadian telecommunications companies. The responsible actors are almost certainly PRC state-sponsored actors, specifically Salt Typhoon,” The Canadian Centre for Cybersecurity said in a statement.

This isn’t unfamiliar territory for Salt Typhoon, as the group compromised at least eight US telco giants earlier in 2025, with the hackers allegedly having access to these networks for months in a mass surveillance campaign affecting dozens of countries and targeting several high-level officials.

Save up to 68% on identity theft protection for TechRadar readers!

Save up to 68% on identity theft protection for TechRadar readers!

TechRadar editors praise Aura's upfront pricing and simplicity. Aura also includes a password manager, VPN, and antivirus to make its security solution an even more compelling deal.

Preferred partner (What does this mean?)

View Deal

A long running campaign

The hackers, apparently exploited a high severity Cisco flaw, tracked as CVE-2023-20198 to gain access, allowing them to retrieve running configuration files from the compromised devices, which were then modified in order to create a GRE tunnel, enabling traffic collection from the network the devices were connected to.

A patch for this flaw has been available since October 2023, which indicates a serious security oversight in Canadian Telecom cybersecurity.

The threat actors most likely targeted these devices in order to ‘collect information from the victim’s internal network, or use the victim’s device to enable the compromise of further victims,’ which could explain how Salt Typhoon has been so successful in compromising large organizations.

“While our understanding of this activity continues to evolve, we assess that PRC cyber actors will almost certainly continue to target Canadian organizations as part of this espionage campaign, including telecommunications service providers and their clients, over the next two years,” the statement confirms.

Telecommunication companies are a high-priority for threat actors as they store large amounts of customer data and have useful intelligence value for cyber-espionage campaigns.

Via: ArsTechnica

You might also like

Ellen Jennings-Trace
Ellen Jennings-Trace
Staff Writer

Ellen has been writing for almost four years, with a focus on post-COVID policy whilst studying for BA Politics and International Relations at the University of Cardiff, followed by an MA in Political Communication. Before joining TechRadar Pro as a Junior Writer, she worked for Future Publishing’s MVC content team, working with merchants and retailers to upload content.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.