Cisco Confirms Salt Typhoon Exploitation in Telecom Hits

Summary: Cisco confirmed that the Chinese threat actor Salt Typhoon exploited a Cisco vulnerability to infiltrate major US telecommunications providers, including T-Mobile, AT&T, and Verizon last fall. The attack exploited both an older vulnerability and stolen login credentials, allowing the actor prolonged access to the affected networks. Cisco advises users to patch existing vulnerabilities and follow cybersecurity best practices to mitigate risks.

Affected: T-Mobile, AT&T, Verizon, Cisco Systems

Keypoints :

• Salt Typhoon exploited vulnerabilities in major US telecommunications networks.
• Attack vectors included CVE-2018-0171 and stolen login credentials.
• Long-term access to compromised environments facilitated configuration changes and data exfiltration.
• Users advised to patch vulnerabilities CVE-2023-20198, CVE-2023-20273, and CVE-2024-20399.
• Recommended practices include credential hygiene education and staying updated on security advisories.