Salt Typhoon Exploited Cisco Vulnerabilities

Cisco Talos researchers have found a clever cyber espionage campaign by the Chinese state-sponsored hackers called Salt Typhoon, which has been attacking US telecommunications networks.

As suspected, their research has confirmed that Salt Typhoon gained access to core networking infrastructure through Cisco devices and then used that infrastructure to collect information.

The hackers gained access to Cisco devices by acquiring victims' login information. In one case, they took advantage of a Cisco router flaw that has been publicly documented in the National Institute of Standards and Technology's vulnerability database for years.

While credential theft remains their primary entry method, researchers confirmed exploitation of Cisco’s CVE-2018-0171 Smart Install Remote Code Execution vulnerability in at least one breach. The attackers had access for over three years in some networks, using advanced techniques across multi-vendor environments. 

The hackers used stolen credentials and network device misconfigurations to switch between different telecom operators’ systems.

Attackers successfully exfiltrated network configurations containing weakly encrypted SNMP community strings and local account credentials, enabling lateral movement through GRE tunnels and modified loopback interfaces. Cisco’s analysis has shown the strategic use of network appliances as points for data exfiltration, with some intrusions targeting secondary telecoms solely to reach primary objectives. 

Hackers regularly use publicly available malicious tooling to exploit these vulnerabilities, which makes patching them a top priority.
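As an added example (not code from Talos, Cisco or this article), the sketch below audits an exported IOS-style configuration for the items described above: Smart Install not disabled, weakly stored local credentials, SNMP community strings, and GRE tunnel interfaces to check against change records. The sample configuration is constructed, and reading "weakly encrypted" as `password` entries (Type 7 or cleartext) rather than `secret` entries is an assumption.

```python
import re

# Constructed IOS-style configuration, not taken from any real device.
SAMPLE_CONFIG = """\
hostname edge-rtr-01
service password-encryption
enable password 7 0000000000
username netops privilege 15 password 7 0000000000
username audit privilege 1 secret 9 $9$EXAMPLE
snmp-server community EXAMPLE-RO RO
snmp-server community EXAMPLE-RW RW
interface Loopback0
 ip address 192.0.2.1 255.255.255.255
interface Tunnel10
 tunnel source Loopback0
 tunnel destination 198.51.100.7
"""

# Per-line rules; the first match wins. Assumption: 'password' (Type 7 or
# cleartext) is the weak storage form, 'secret' is the hashed form.
RULES = [
    ("WEAK_PASSWORD", re.compile(r"^(?:enable|username \S+.*) password\b")),
    ("SNMP_RW_COMMUNITY", re.compile(r"^snmp-server community \S+ .*\bRW\b")),
    ("SNMP_COMMUNITY", re.compile(r"^snmp-server community \S+")),
]

def audit(config):
    """Return (line_number, finding) pairs; line 0 means a device-wide finding."""
    findings = []
    lines = config.splitlines()
    # Smart Install (CVE-2018-0171) is switched off with 'no vstack'. Absence
    # is only a prompt to check the device, since not every platform has it.
    if not any(l.strip() == "no vstack" for l in lines):
        findings.append((0, "SMART_INSTALL_NOT_DISABLED"))
    tunnel_line, tunnel_mode = None, None
    for n, raw in enumerate(lines + ["!"], 1):   # "!" sentinel closes last block
        if not raw.startswith(" "):              # top-level line ends a block
            # With no 'tunnel mode' set, IOS tunnel interfaces default to GRE.
            if tunnel_line and (tunnel_mode is None or tunnel_mode.startswith("gre")):
                findings.append((tunnel_line, "GRE_TUNNEL_REVIEW"))
            tunnel_line = n if raw.lower().startswith("interface tunnel") else None
            tunnel_mode = None
        elif tunnel_line and raw.strip().startswith("tunnel mode "):
            tunnel_mode = raw.strip()[len("tunnel mode "):]
        for name, rx in RULES:
            if rx.search(raw.strip()):
                findings.append((n, name))
                break
    return findings
```

Calling `audit(SAMPLE_CONFIG)` returns the findings in the order they are raised. A tunnel finding means "confirm this interface is expected", not that the tunnel is malicious.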

US government officials have pledged to take action against China, calling for a more offensive approach in cyberspace, although no specific plans have been made public. Indeed, such plans may already be in motion, as China has publicly blamed the US for hacks on Chinese organisations.

Talos | Cisco | Cybersecurity News | Infosecurity Magazine | The Hacker News | Nextgov
