Cisco Details ‘Salt Typhoon’ Network Hopping, Credential Theft Tactics

Summary: Cisco’s Talos Intelligence Group reported that the Chinese hacking group Salt Typhoon breached US telecom networks by exploiting unpatched vulnerabilities and using stolen credentials. The group successfully leveraged the CVE-2018-0171 vulnerability in legacy systems, showcasing its ability to manipulate network infrastructure with minimal detection. There is no evidence that the group exploited anything beyond known vulnerabilities.

Affected: US telecommunications companies

Key points:

  • Salt Typhoon exploited old Cisco vulnerabilities, specifically CVE-2018-0171, in its attacks on telecom networks.
  • The hackers employed credential theft and “living-off-the-land” tactics, utilizing legitimate login information to access sensitive devices.
  • Extensive use of network infrastructure pivoting allowed attackers to navigate between compromised telecom systems undetected.

Source: https://www.securityweek.com/cisco-details-salt-typhoon-network-hopping-credential-theft-tactics/