Summary: Cisco’s Talos Intelligence Group reported that the Chinese hacking group Salt Typhoon breached US telecom networks by exploiting unpatched vulnerabilities and using stolen credentials. The group successfully leveraged the CVE-2018-0171 vulnerability in legacy systems, showcasing its capability to manipulate network infrastructure with minimal detection. Despite these discoveries, there is no evidence that the group exploited anything beyond known vulnerabilities.
Affected: US telecommunications companies
Key points:
- Salt Typhoon exploited old Cisco vulnerabilities, specifically CVE-2018-0171, in their attacks on telecom networks.
- The hackers employed credential theft and “living-off-the-land” tactics, utilizing legitimate login information to access sensitive devices.
- Extensive use of network infrastructure pivoting allowed attackers to navigate between compromised telecom systems undetected.
Source: https://www.securityweek.com/cisco-details-salt-typhoon-network-hopping-credential-theft-tactics/