Salt Typhoon, a Chinese nation-state threat group, has been identified as a key player in recent cyberattacks on U.S. telecom networks through breaches of Cisco devices. The group utilized both known vulnerabilities and legitimate credentials to gain access, signaling a sophisticated level of cyber espionage. These attacks have raised concerns about the security of critical communication infrastructure.
Earlier reports indicated that Salt Typhoon primarily exploited specific vulnerabilities to infiltrate networks. However, the latest findings reveal a broader strategy involving the use of legitimate login credentials, showcasing an evolution in their attack methodologies.
How Did Salt Typhoon Gain Access?
The group exploited a seven-year-old critical vulnerability, CVE-2018-0171, in one instance, while in other cases it accessed Cisco devices using legitimate login credentials. This dual approach gave the group multiple entry points into the targeted telecom networks.
What Vulnerabilities Were Exploited?
In addition to CVE-2018-0171, Salt Typhoon leveraged the vulnerabilities CVE-2023-20198 and CVE-2023-20273 between December and January, compromising five more telecom networks. The use of these flaws highlights the importance of timely patching and updates in network security.
What Measures Are Recommended?
“Cisco Talos published a blog about the threat actor Salt Typhoon’s campaign, based on Cisco’s investigation while assisting law enforcement and victims of the attacks. Our findings do not cover the entirety of the Salt Typhoon campaign or all affected infrastructure, as these go beyond the scope of Cisco’s engagement and technology. As always, we strongly advise customers to patch known vulnerabilities and follow industry best practices for securing management protocols.”
The persistent efforts of Salt Typhoon to infiltrate telecom networks underscore the necessity for continuous monitoring and updating of network security protocols. Organizations must prioritize the protection of legitimate login credentials and implement robust access controls to mitigate such threats. By understanding the evolving tactics of advanced threat groups, telecom providers can better safeguard their critical infrastructure against sophisticated cyberattacks.