Cisco Confirms Salt Typhoon Exploited CVE-2018-0171 to Target U.S. Telecom Networks

Summary: Cisco has reported that a sophisticated Chinese threat actor named Salt Typhoon has exploited a known vulnerability (CVE-2018-0171) and acquired legitimate login credentials to infiltrate major U.S. telecommunications companies. The hacking group has maintained persistent access for over three years, employing advanced techniques to obscure their activities. Cisco found no evidence of other recent vulnerabilities being exploited, emphasizing the organized and well-funded nature of the attackers.

Affected: U.S. telecommunications companies

Key points:

  • Salt Typhoon used stolen credentials and exploited CVE-2018-0171 to gain initial access.
  • The threat actor demonstrated patience and planning, maintaining access for extended periods.
  • The group used techniques such as network traffic capture and custom tools to obfuscate its presence.
  • It exploited trusted network infrastructure to pivot between targets and facilitate data exfiltration.
  • Modification of network configurations and the use of bespoke utilities contributed to their stealthy operations.

Source: https://thehackernews.com/2025/02/cisco-confirms-salt-typhoon-exploited.html
