DOJ Confirms FBI's Major Operation to Eradicate Chinese Malware from Thousands of US Computers

China’s Salt Typhoon Hackers Persist in Telecom Breaches Despite US Sanctions: A Growing Cyber Threat

Security researchers have raised concerns about the continued activities of the Chinese government-linked hacking group, Salt Typhoon. This group has been implicated in compromising telecommunications providers even after the recent sanctions imposed by the U.S. government. The findings, detailed in a report from the threat intelligence firm Recorded Future, highlight the persistent threat posed by Salt Typhoon to critical infrastructure.

Ongoing Threats from Salt Typhoon

According to Recorded Future, between December 2024 and January 2025, Salt Typhoon—also tracked as RedMike—managed to breach five telecommunications firms. This activity follows previous reports of the group’s infiltration into major U.S. phone and internet providers, including AT&T and Verizon, which allowed them access to sensitive communications of U.S. government officials and political figures.

Infiltration of Law Enforcement Systems

Salt Typhoon’s attacks have extended to systems used by law enforcement agencies for court-authorized data collection, potentially compromising sensitive information on individuals under U.S. surveillance.

Recent Victims of Salt Typhoon

Although Recorded Future has not disclosed the names of the latest victims, the report indicates that they include:

  • A U.S.-based affiliate of a major U.K. telecommunications provider
  • A U.S. internet service provider
  • Telecommunications companies in Italy, South Africa, and Thailand

Targeting Infrastructure in Myanmar

Furthermore, Salt Typhoon has conducted reconnaissance on infrastructure assets owned by Mytel, a telecommunications provider in Myanmar. This indicates a broader strategy of gathering intelligence on various networks.

Exploitation of Vulnerabilities

To execute these attacks, Salt Typhoon has exploited two vulnerabilities, identified as CVE-2023-0198 and CVE-2023-0273. These vulnerabilities affect unpatched Cisco devices running Cisco IOS XE software. The hacking group has attempted to compromise over 1,000 Cisco devices worldwide, with a focus on those linked to telecommunications networks.

READ ALSO  Smiths Group Confirms Cyberattack: Hackers Breach Systems of Engineering Titan

University Targets

In addition, Recorded Future observed that Salt Typhoon has targeted devices associated with universities, including:

Researchers suggest that these attacks may be aimed at accessing research related to telecommunications, engineering, and technology.

U.S. Government Response

In response to these ongoing threats, the U.S. government has sanctioned several companies linked to Salt Typhoon. In January, the U.S. Treasury Department imposed sanctions on Sichuan Juxinhe Network Technology, a cybersecurity firm in China, which is reportedly connected to the hacking group.

Future Expectations

Despite these sanctions, experts at Recorded Future believe that Salt Typhoon will continue to target telecommunications providers both in the U.S. and globally, posing a significant risk to national and international security.

Similar Posts

Protect Your Privacy: How to Detect and Remove Stalkerware from Your Android Phone

Protect Your Privacy: How to Detect and Remove Stalkerware from Your Android Phone

Bysupport

Consumer-grade spyware apps pose a serious threat to Android users by secretly monitoring private information, including messages and locations. Often marketed as family-tracking tools, these apps, known as stalkerware, can be difficult to detect as they may hide from the home screen. Signs of compromise include unusual phone behavior and excessive data usage. To identify and remove spyware, users should enable Google Play Protect, review accessibility services, check notification access, inspect device admin settings, and uninstall suspicious apps. Strengthening device security with strong passwords and two-factor authentication is also recommended. For support, contact the National Domestic Violence Hotline.

Perplexity Expands Horizons: Acquires Read.cv, The Ultimate Social Media Platform for Professionals

Last Chance: Save Up to $1,130 on Passes for TechCrunch Disrupt 2025 – Only 3 Days Left!

Bysupport

The countdown to TechCrunch Disrupt 2025 is on, with ticket savings of up to $1,130 available until February 28 at 11:59 p.m. PT. Celebrating 20 years, the event will be held from October 27-29 at Moscone West in San Francisco, featuring over 10,000 tech leaders and 250+ sessions. Attendees can expect insights on cutting-edge AI, expert sessions, interactive experiences, and the Startup Battlefield 200 competition for a $100,000 prize. Notable speakers include industry leaders like Mary Barra and Serena Williams. Don’t miss this opportunity to connect and learn—secure your tickets now!

Cyberattack Hits Ukraine: Disruption of Train Ticket Sales Amidst Growing Digital Threats

Cyberattack Hits Ukraine: Disruption of Train Ticket Sales Amidst Growing Digital Threats

Bysupport

Ukrainian railway operator Ukrzaliznytsia faced a significant cyberattack that disrupted its online ticket sales, affecting both domestic and international transactions. Despite this, train operations remained stable and uninterrupted. Increased passenger traffic was reported at Kyiv’s central railway station, leading to long lines for ticket purchases. In response, Ukrzaliznytsia reassured travelers that train services were running smoothly and outlined alternatives for those unable to buy tickets online, including visiting ticket offices or boarding trains without tickets. This incident emphasizes the need for robust cybersecurity measures in critical infrastructure.

CISA Election Security Officials Placed on Leave: Key Insights and Implications

CISA Election Security Officials Placed on Leave: Key Insights and Implications

Bysupport

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is undergoing significant changes, with 17 members of its election security team placed on administrative leave amid a review. This has raised concerns about safeguarding election security ahead of the 2024 elections. The affected employees, including 10 regional security officials, played key roles in addressing cybersecurity threats like ransomware attacks. The agency’s future is uncertain following the departure of former director Jen Easterly and a lack of new leadership. CISA’s commitment to election security is now in question, prompting calls for transparency and updates on its actions.

US Lawmakers Push for Public Hearing on Apple 'Backdoor' Controversy at UK Spy Court

US Lawmakers Push for Public Hearing on Apple ‘Backdoor’ Controversy at UK Spy Court

Bysupport

Bipartisan U.S. lawmakers, led by Senator Ron Wyden, are pushing for transparency regarding Apple’s challenge to a secret legal demand from the U.K. government. In a letter to the U.K.’s Investigatory Powers Tribunal, they called for an open hearing, emphasizing concerns over user privacy and constitutional rights. The alleged U.K. order would require Apple to create a “backdoor” for government access to customer data, which Apple has resisted. The tribunal is set for a private hearing soon, while civil rights groups are also advocating for transparency and questioning the legality of the U.K.’s demands.

IMI Hacked: A Wake-Up Call for British Engineering Firms in Cybersecurity

IMI Hacked: A Wake-Up Call for British Engineering Firms in Cybersecurity

Bysupport

British engineering firm IMI has reported a significant cybersecurity incident, following a similar breach at competitor Smiths Group. Both companies are grappling with unauthorized access to their systems, highlighting vulnerabilities in the engineering sector. IMI, based in Birmingham, is working with external cybersecurity experts to investigate the breach and comply with regulatory obligations, though details about the incident remain sparse. Meanwhile, Smiths Group is focused on recovering affected systems. These incidents emphasize the urgent need for engineering firms to enhance their cybersecurity measures to safeguard sensitive data and ensure operational stability. Stakeholders are urged to prioritize cybersecurity vigilance.