Summary: China’s Salt Typhoon hackers continue to breach global telecommunications providers by exploiting vulnerabilities in Cisco IOS XE network devices, posing a serious cybersecurity threat. Recent reports indicate that these breaches have affected numerous telecom companies, including major U.S. ISPs, as part of a broader espionage campaign linked to the Chinese state. Network administrators are urged to promptly patch known vulnerabilities to prevent further exploitation.
Affected: U.S. telecommunications providers, including AT&T, Verizon, and Lumen, as well as international telecommunications companies in South Africa, Italy, and Thailand.
Key points:
- Salt Typhoon had previously exploited the CVE-2023-20198 and CVE-2023-20273 vulnerabilities in Cisco devices.
- Over 1,000 Cisco network devices were targeted between December 2024 and January 2025, with more than half located in the U.S., South America, and India.
- The cyber-espionage group has been active since at least 2019, successfully breaching multiple telecom providers and accessing sensitive communications.
- Network admins are advised to implement security patches and avoid exposing Cisco device interfaces to the internet.
- These attacks were confirmed by the FBI and CISA, highlighting a significant threat to national cybersecurity.