China-Backed Hackers Target Telecoms and Universities in New Wave of Attacks

Article Highlights
Off On

In a concerning development for global cybersecurity, recent reports have revealed that the China-backed hacker group Salt Typhoon, also known as RedMike, carried out a series of cyberattacks targeting telecommunications companies and universities. Between December 2024 and January 2025, this sophisticated group managed to compromise five additional telecom providers worldwide, including two based in the United States. The attacks exploited unpatched vulnerabilities in Cisco edge devices, specifically leveraging CVE-2023-20198 and CVE-2023-20273, which allowed the hackers to escalate privileges and gain root access. As a result, over 1,000 devices across the globe, including several in the U.S., were infiltrated, highlighting the pervasive threat posed by state-sponsored cyber espionage.

Exploiting Vulnerabilities in Telecom Providers

Salt Typhoon’s campaign meticulously targeted network devices that had not received essential security patches. The vulnerabilities in the Cisco devices, known as zero-day flaws, were disclosed in October 2023, but many organizations had not yet patched their systems. The hackers took advantage of this lapse to infiltrate these critical devices, gaining a foothold in the target networks. The Insikt Group from Recorded Future, which closely monitors such threat activities, identified more than 12,000 Cisco devices worldwide with exposed web interfaces. This shift underscores the evolving tactics of Chinese threat groups that now focus on compromising public-facing network devices to establish long-term espionage capabilities.

Despite robust cybersecurity measures, the affected telecom providers did not detect the breaches until significant damage had been done. The Insikt Group confirmed that half of the compromised devices were located in the United States, South America, and India. The remaining devices were spread across various countries, marking a coordinated and extensive campaign. The senior director of strategic intelligence at Recorded Future, Jon Condra, highlighted the inherent challenges large enterprises face in maintaining effective patch management. Testing patches, planning downtime for updates, and ensuring that workflows remain unaffected are formidable tasks, contributing to such vulnerabilities being left unaddressed.

Targeting Academic Institutions

In addition to telecom companies, Salt Typhoon extended their cyberattacks to several American universities, including UCLA and Loyola Marymount University. The focus on academic institutions is presumed to be driven by the universities’ robust research programs in telecommunications and technology. By infiltrating these universities, the hackers aimed to gain access to cutting-edge research and potentially classified or sensitive information that could benefit Chinese state interests. The persistence and audacity of these attacks highlight the broad scope of targets vulnerable to state-sponsored espionage and reinforce the need for enhanced cybersecurity measures across all sectors.

Recorded Future has called on organizations to prioritize patching vulnerabilities and closely monitor configuration changes. Additionally, the cybersecurity firm advised against exposing administration interfaces and nonessential services to the internet. The recent campaign is reminiscent of previous breaches involving major U.S. telecommunications giants such as AT&T and Verizon. These incidents, which resulted in unauthorized access to the private communications of political figures and government officials, have prompted heightened concern within the U.S. government and the broader tech sector.

Implications and Future Considerations

In a troubling development for global cybersecurity, recent reports have unveiled that a China-backed hacker group known as Salt Typhoon, or RedMike, executed a series of cyberattacks on telecommunications companies and universities. Between December 2024 and January 2025, this highly skilled group successfully breached five more telecom providers worldwide, including two in the United States. The hackers exploited unpatched vulnerabilities in Cisco edge devices, specifically CVE-2023-20198 and CVE-2023-20273, to escalate privileges and gain root access. As a result, over 1,000 devices globally, including several in the U.S., were compromised. This underscores the significant threat posed by state-sponsored cyber espionage. The breaches serve as a stark reminder of the critical importance of maintaining robust cybersecurity measures and regularly updating software to patch vulnerabilities. The affected entities are now grappling with the fallout, assessing the extent of the breaches, and implementing measures to prevent future incidents.

Explore more

BSP Boosts Efficiency with AI-Powered Reconciliation System

In an era where precision and efficiency are vital in the banking sector, BSP has taken a significant stride by partnering with SmartStream Technologies to deploy an AI-powered reconciliation automation system. This strategic implementation serves as a cornerstone in BSP’s digital transformation journey, targeting optimized operational workflows, reducing human errors, and fostering overall customer satisfaction. The AI-driven system primarily automates

Is Gen Z Leading AI Adoption in Today’s Workplace?

As artificial intelligence continues to redefine modern workspaces, understanding its adoption across generations becomes increasingly crucial. A recent survey sheds light on how Generation Z employees are reshaping perceptions and practices related to AI tools in the workplace. Evidently, a significant portion of Gen Z feels that leaders undervalue AI’s transformative potential. Throughout varied work environments, there’s a belief that

Can AI Trust Pledge Shape Future of Ethical Innovation?

Is artificial intelligence advancing faster than society’s ability to regulate it? Amid rapid technological evolution, AI use around the globe has surged by over 60% within recent months alone, pushing crucial ethical boundaries. But can an AI Trustworthy Pledge foster ethical decisions that align with technology’s pace? Why This Pledge Matters Unchecked AI development presents substantial challenges, with risks to

Data Integration Technology – Review

In a rapidly progressing technological landscape where organizations handle ever-increasing data volumes, integrating this data effectively becomes crucial. Enterprises strive for a unified and efficient data ecosystem to facilitate smoother operations and informed decision-making. This review focuses on the technology driving data integration across businesses, exploring its key features, trends, applications, and future outlook. Overview of Data Integration Technology Data

Navigating SEO Changes in the Age of Large Language Models

As the digital landscape continues to evolve, the intersection of Large Language Models (LLMs) and Search Engine Optimization (SEO) is becoming increasingly significant. Businesses and SEO professionals face new challenges as LLMs begin to redefine how online content is managed and discovered. These models, which leverage vast amounts of data to generate context-rich responses, are transforming traditional search engines. They