
Security researchers say the Chinese government-linked hacking group Salt Typhoon is continuing to compromise telecommunications providers, despite the recent sanctions imposed by the U.S. government on the group.
In a report shared with TechCrunch, threat intelligence company Recorded Future said it had observed Salt Typhoon, which the company tracks as “RedMike,” breaching five telecommunications companies between December 2024 and January 2025.
Salt Typhoon made headlines last September after it was revealed that the group had infiltrated a number of U.S. phone and internet giants, including AT&T and Verizon, to gain access to the private communications of senior U.S. government officials and political figures.
Salt Typhoon also hacked into the systems that law enforcement agencies use for court-authorized collection of customer data, probably accessing sensitive data such as the identities of Chinese targets of U.S. surveillance.
Recorded Future declined to name Salt Typhoon’s latest victims, but said they include a U.S.-based affiliate of a prominent U.K. telecommunications provider; a U.S. internet service provider; and telecommunications companies in Italy, South Africa and Thailand.
The hackers also carried out reconnaissance (the practice of covertly discovering and collecting information about a system) on a number of infrastructure assets operated by Myanmar-based telecommunications provider Mytel, according to Recorded Future.
To carry out these attacks, Salt Typhoon exploited two vulnerabilities (tracked as CVE-2023-20198 and CVE-2023-20273) to compromise unpatched Cisco devices running Cisco IOS XE software. The hacking group has tried to compromise more than 1,000 Cisco devices globally, focusing particularly on devices associated with telecommunications providers’ networks, Recorded Future said.
Recorded Future said it had also observed Salt Typhoon targeting devices associated with universities, including the University of California and Utah Tech. The researchers said the hacking group “probably targeted these universities to access research in areas related to telecommunications, engineering, and technology.”
The U.S. government has sanctioned companies linked to the group. In January, the U.S. Treasury Department, itself targeted by Chinese government hackers recently, said it had sanctioned a China-based cybersecurity company known as Sichuan Juxinhe Network Technology, which it says is directly linked to Salt Typhoon.
Recorded Future’s researchers say that despite this action, they expect Salt Typhoon to continue targeting telecommunications providers in the U.S. and elsewhere.