Security researchers say the Chinese government-linked hacking group Salt Typhoon continues to compromise telecommunications providers, despite recent sanctions imposed by the US government on the group.
In a report shared with TechCrunch, Recorded Future said it had observed Salt Typhoon, which the company tracks as "RedMike", breaching five telecommunications businesses between December 2024 and January 2025.
Salt Typhoon made headlines last September after it was revealed that the group had infiltrated several US telephone and internet giants, including AT&T and Verizon, to access the private communications of senior government officials and politicians.
Salt Typhoon also breached the systems used by law enforcement agencies for authorized collection of customer data, possibly gaining access to sensitive data, such as the identities of Chinese targets of American surveillance.
Recorded Future declined to name Salt Typhoon's latest victims, but said they included a US-based subsidiary of a prominent UK telecommunications provider, an American internet service provider, and telecommunications companies in Italy, South Africa and Thailand.
The hackers also carried out reconnaissance (the practice of covertly discovering and gathering information about a system) on multiple infrastructure assets managed by the telecommunications provider Mytel, according to Recorded Future.
To carry out these attacks, Salt Typhoon exploited two vulnerabilities (tracked as CVE-2023-20198 and CVE-2023-20273) to compromise unpatched Cisco devices running Cisco IOS XE software. The hacking group has attempted to compromise more than 1,000 Cisco devices worldwide, focusing particularly on devices associated with telecommunications providers, Recorded Future said.
Recorded Future said it had also observed Salt Typhoon targeting devices associated with universities, including the University of California and Utah Tech. Researchers said the hacking group “may aim for these universities to have access to research in areas related to telecommunications, engineering and technology”.
The US government has sanctioned companies associated with the group. In January, the US Treasury Department, itself recently targeted by Chinese government hackers, said it had imposed sanctions on a China-based cybersecurity company known as Sichuan Juxinhe Network Technology, which is directly linked to Salt Typhoon.
Researchers at Recorded Future say that, despite this action, they expect Salt Typhoon to continue targeting telecommunications providers in the US and elsewhere.
