A Chinese state-backed hacking group known as Salt Typhoon has continued targeting telecommunications providers worldwide, despite recent US sanctions and cybersecurity warnings. According to a report from cybersecurity firm Recorded Future, the group has successfully breached multiple telecom networks in the US, Europe, Africa, and Asia by exploiting vulnerabilities in Cisco network devices.
TechCrunch, which first reported the news, said the hackers have also targeted universities conducting research in telecommunications and technology, raising concerns over China’s ongoing cyber espionage activities. Salt Typhoon, also tracked as RedMike, Earth Estries, and GhostEmperor, has been linked to cyberattacks on at least five major telecommunications providers between December 2024 and January 2025.
The group has previously infiltrated major US telecom companies, including AT&T and Verizon, and has been accused of eavesdropping on government communications and political figures. TechCrunch also reported that the hackers have gained access to law enforcement surveillance systems, potentially compromising sensitive investigations.
The hacking group has focused on exploiting two well-documented vulnerabilities in Cisco network devices, identified as CVE-2023-20198 and CVE-2023-20273. These security flaws allow attackers to create administrative accounts on affected systems and execute commands that require high-level privileges. Cisco first issued warnings about these vulnerabilities in October 2023.
However, many organizations have neither implemented the necessary security updates nor removed affected devices from the public internet, leaving them vulnerable to attack. According to TechCrunch, Salt Typhoon has used these vulnerabilities to compromise over 1,000 Cisco devices globally, particularly those linked to telecommunications providers.
Recorded Future’s senior director of strategic intelligence, Jon Condra, stated that Salt Typhoon’s activities are “truly global in scope” and likely tied to China’s strategic intelligence-gathering efforts. He emphasized that the group’s ability to infiltrate critical infrastructure could be used in future geopolitical conflicts.