Salt Typhoon Exploited Cisco Vulnerabilities

Cisco Talos researchers have found a clever cyber espionage campaign by the Chinese state-sponsored hackers known as Salt Typhoon, which has been attacking US telecommunications networks.

As suspected, their research has confirmed that Salt Typhoon gained access to core networking infrastructure through Cisco devices and then used that infrastructure to collect information.

The hackers gained access to Cisco devices by acquiring victim login information. In one case, they took advantage of a Cisco router flaw that has been publicly documented in the National Institute of Standards and Technology’s vulnerability database for years.

While credential theft remains their primary entry method, researchers confirmed exploitation of Cisco’s CVE-2018-0171 Smart Install Remote Code Execution vulnerability in at least one breach. The attackers had access for over three years in some networks, using advanced techniques across multi-vendor environments. 

The hackers used stolen credentials and network device misconfigurations to switch between different telecom operators’ systems.

Attackers successfully exfiltrated network configurations containing weakly encrypted SNMP community strings and local account credentials, enabling lateral movement through GRE tunnels and modified loopback interfaces. Cisco’s analysis has shown the strategic use of network appliances as points for data exfiltration, with some intrusions targeting secondary telecoms solely to reach primary objectives. 

Hackers regularly use publicly available malicious tooling to exploit these vulnerabilities, which makes patching them a top priority.
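A defender can review exported device configurations for the weaknesses described above: reversible passwords, SNMP community strings, tunnel and loopback interfaces, and Smart Install (CVE-2018-0171) left enabled. The following is an added example, not code from Cisco Talos or this article; the sample configuration, rule names and the `audit` function are constructed for illustration.

```python
import re

# Constructed IOS-style running-config for illustration (not from a real device).
SAMPLE_CONFIG = """\
hostname edge-sw-01
enable password 7 0822455D0A16
username netops secret 9 $9$constructed
username backup password 0 Winter2020
snmp-server community s3cr3tRW RW
interface Loopback0
 ip address 10.255.0.1 255.255.255.255
interface Tunnel10
 tunnel source Loopback0
 tunnel destination 203.0.113.7
"""

# Per-line rules: (finding id, pattern, why it matters to a defender)
RULES = [
    ("weak-password", re.compile(r"^(enable|username \S+)( privilege \d+)? password "),
     "'password' is stored as plaintext or reversible type 7; use 'secret'"),
    ("snmp-community", re.compile(r"^snmp-server community "),
     "community string is readable by anyone who obtains this config"),
    ("tunnel-interface", re.compile(r"^interface Tunnel\d+"),
     "GRE is the default tunnel mode; confirm this tunnel is authorised"),
    ("loopback-interface", re.compile(r"^interface Loopback\d+"),
     "confirm the loopback address matches the approved baseline"),
]

def audit(config: str):
    """Return a list of (line number, finding id, reason); line 0 = whole file."""
    findings = []
    lines = config.splitlines()
    for number, line in enumerate(lines, start=1):
        for finding_id, pattern, reason in RULES:
            if pattern.search(line):
                findings.append((number, finding_id, reason))
    # Smart Install (CVE-2018-0171) is disabled with 'no vstack'. Its absence is
    # only a prompt to check the device, since not every platform has the feature.
    if not any(l.strip() == "no vstack" for l in lines):
        findings.append((0, "smart-install",
                         "no 'no vstack' line; verify Smart Install is off"))
    return findings

if __name__ == "__main__":
    for number, finding_id, reason in audit(SAMPLE_CONFIG):
        print(f"line {number:>2}  {finding_id:<18} {reason}")
```

The findings report line numbers and reasons only, so the audit output does not itself repeat the secrets it flags.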

US government officials have pledged to take action against China, calling for a more offensive approach in cyberspace, although no specific plan has been made public. Indeed, such plans may already be in motion, as China has publicly blamed the US for hacks on Chinese organisations.

Talos | Cisco | Cybersecurity News | Infosecurity Magazine | The Hacker News | Nextgov
