Salt Typhoon Cyberattacks Exploit Cisco Flaws, Threatening Global Networks


Salt Typhoon, a Chinese advanced persistent threat (APT) group, has been making significant news headlines recently with its highly sophisticated and damaging cyber-attacks on critical infrastructure worldwide. Known under various aliases including RedMike, Earth Estries, FamousSparrow, GhostEmperor, and UNC2286, this group has systematically targeted telecommunications infrastructure, internet service providers (ISPs), and academic institutions. Recent reports have highlighted the group’s ongoing exploitation of vulnerabilities in Cisco devices, underscoring a persistent and evolving threat to global networks and emphasizing the critical need for a robust cybersecurity response.

Salt Typhoon’s Initial Infiltrations

High-Profile Targets in the US

Salt Typhoon first came into the spotlight last fall with explosive revelations about its infiltration of major US telecommunications providers such as T-Mobile, AT&T, and Verizon. The group managed to eavesdrop on US law enforcement wiretaps and even the activities of the Democratic and Republican presidential campaigns.

Their ability to penetrate such high-profile targets raised significant alarm within the cybersecurity community and among affected organizations. The breach not only highlighted the technical proficiency of Salt Typhoon but also revealed the inadequacies in existing cybersecurity defenses.

Continued Assault on Global Networks

Recent findings by Recorded Future’s Insikt Group indicate that Salt Typhoon, tracked as “RedMike,” has continued its aggressive assault on global communication networks with undeterred momentum. Between December and January, the group systematically targeted telecommunications providers and research universities across multiple continents. These coordinated attacks exploited known vulnerabilities in Cisco network devices, specifically two critical flaws in the IOS XE operating system: CVE-2023-20198 and CVE-2023-20273. These vulnerabilities enabled the attackers to gain administrative privileges and execute malicious commands on compromised devices, thereby granting them significant control and access to sensitive data.

This systematic exploitation of known vulnerabilities allowed Salt Typhoon to sidestep traditional cybersecurity defenses, highlighting the group’s sophisticated attack strategies.

Cisco’s Response and Vulnerability Details

Cisco’s Acknowledgment and Advisories

In response to these relentless attacks, a Cisco spokesperson issued a statement acknowledging awareness of the claims regarding the exploitation of these vulnerabilities. Cisco reiterated its previous guidance and advisories, urging customers to patch known vulnerabilities and strictly adhere to best practices for securing management protocols.

Critical Vulnerabilities in IOS XE

In October 2023, Cisco issued an urgent advisory telling all customers to immediately take routers, switches, and other devices running the IOS XE operating system off the internet. This drastic measure was prompted by the active exploitation of a previously unknown vulnerability in the devices’ user interface, which attackers were using to create unauthorized local administrator accounts. This zero-day vulnerability, designated CVE-2023-20198, received the maximum score of 10 out of 10 on the Common Vulnerability Scoring System (CVSS). Shortly thereafter, Cisco disclosed a second significant vulnerability, CVE-2023-20273, which compounded an already severe threat landscape.

Salt Typhoon’s Modus Operandi

Exploitation Tactics

Despite Cisco’s multiple advisories and warnings, a substantial number of organizations failed to promptly heed the advice. The group’s modus operandi involved the meticulous configuration of Generic Routing Encapsulation (GRE) tunnels to link compromised devices to its infrastructure. This sophisticated tactic permitted them to establish persistence on the target network and facilitate data exfiltration, all while evading detection by firewall and network monitoring systems.
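The indicators the article describes (the IOS XE web UI left reachable, unexpected privilege-15 local accounts, and GRE tunnels to infrastructure the operator does not recognise) can all be checked from a device’s running configuration. The script below is an added example written for this page; it is not code from the article, from Cisco, or from Recorded Future. The configuration it parses is constructed for illustration (TEST-NET addresses, placeholder secret hashes) and is not a capture from any real device. The `ip http server`, `ip http secure-server`, `username ... privilege 15`, `interface TunnelN`, `tunnel source`, `tunnel destination` and `tunnel mode` lines are standard IOS XE syntax; the assumption that a tunnel interface with no explicit `tunnel mode` line is a GRE tunnel reflects the IOS default. The approved-admin and approved-peer allowlists are assumptions an operator would fill in from their own records.

```python
"""
Audit an IOS XE running-config for the indicators the article describes:
the web UI (HTTP/HTTPS server) enabled, privilege-15 local users that are
not on an allowlist, and GRE tunnel interfaces pointing at unknown peers.
Added example for this page; SAMPLE_CONFIG is constructed, not captured.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample running-config (placeholder hashes, TEST-NET addresses).
SAMPLE_CONFIG = """\
hostname edge-rtr-01
!
username netadmin privilege 15 secret 9 $9$PLACEHOLDER_HASH_1
username svc_backup privilege 15 secret 9 $9$PLACEHOLDER_HASH_2
username helpdesk privilege 1 secret 9 $9$PLACEHOLDER_HASH_3
!
ip http server
ip http secure-server
!
interface Tunnel100
 ip address 10.99.0.1 255.255.255.252
 tunnel source GigabitEthernet0/0/0
 tunnel destination 203.0.113.50
!
interface Tunnel7
 ip address 10.10.0.1 255.255.255.252
 tunnel source GigabitEthernet0/0/0
 tunnel destination 192.0.2.10
 tunnel mode ipsec ipv4
!
interface GigabitEthernet0/0/0
 ip address 198.51.100.2 255.255.255.0
!
"""


@dataclass
class Tunnel:
    name: str
    source: str = ""
    destination: str = ""
    mode: str = "gre ip"  # IOS default when no 'tunnel mode' line is present


def privileged_users(config: str) -> list[str]:
    """Return local usernames configured with privilege 15 (full admin)."""
    return re.findall(r"^username (\S+) privilege 15\b", config, re.MULTILINE)


def web_ui_enabled(config: str) -> bool:
    """True if 'ip http server' or 'ip http secure-server' is active (not negated)."""
    return bool(re.search(r"^ip http (secure-)?server\s*$", config, re.MULTILINE))


def tunnel_interfaces(config: str) -> list[Tunnel]:
    """Parse every 'interface TunnelN' stanza into a Tunnel record."""
    tunnels: list[Tunnel] = []
    current: Tunnel | None = None
    for line in config.splitlines():
        m = re.match(r"^interface (Tunnel\d+)$", line)
        if m:
            current = Tunnel(name=m.group(1))
            tunnels.append(current)
            continue
        if current is None:
            continue
        if not line.startswith(" "):  # '!' or next global command ends the stanza
            current = None
            continue
        body = line.strip()
        if body.startswith("tunnel source "):
            current.source = body.split(" ", 2)[2]
        elif body.startswith("tunnel destination "):
            current.destination = body.split(" ", 2)[2]
        elif body.startswith("tunnel mode "):
            current.mode = body.split(" ", 2)[2]
    return tunnels


def audit(config: str, approved_admins: set[str], approved_peers: set[str]) -> list[str]:
    """Return human-readable findings; an empty list means nothing unexpected."""
    findings: list[str] = []
    if web_ui_enabled(config):
        findings.append("web UI enabled: 'ip http server'/'ip http secure-server' present")
    for user in privileged_users(config):
        if user not in approved_admins:
            findings.append(f"unapproved privilege-15 user: {user}")
    for t in tunnel_interfaces(config):
        if t.mode.startswith("gre") and t.destination not in approved_peers:
            findings.append(f"GRE tunnel {t.name} to unapproved peer {t.destination}")
    return findings


if __name__ == "__main__":
    # Allowlists are assumptions an operator would populate from change records.
    for finding in audit(SAMPLE_CONFIG, {"netadmin"}, {"192.0.2.10"}):
        print(finding)
```

Against the constructed config the audit reports three findings: the web UI is enabled, `svc_backup` holds privilege 15 without being on the allowlist, and `Tunnel100` is a GRE tunnel to a destination the operator does not recognise; `Tunnel7` is skipped because it is explicitly an IPsec tunnel. A real deployment would feed `show running-config` output collected from each device into `audit()` and treat any finding on a device that has had no corresponding change ticket as something to investigate rather than simply remediate.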

Broader Implications of the Attacks

The broader implications of these sophisticated attacks are profound. The recurring incidents involving Cisco devices underscore the importance of constant vigilance and proactive security postures within organizations.

Global Reach and Strategic Aims

Diverse and Global Targets

Salt Typhoon’s recent campaign has affected a broad spectrum of organizations spread across various continents, highlighting the group’s strategic objectives of accessing sensitive networks for espionage, disruption, or potential data manipulation in the event of geopolitical tensions or conflict. Their targets included a US affiliate of a UK telecommunications company, several ISPs and telcos across different countries, and a notable ISP in Italy.

Academic Institutions Under Attack

In addition to telecommunications and ISPs, Salt Typhoon has directed its cyber-attacks against academic institutions engaged in significant research, particularly within fields like telecommunications and engineering. Notable targets have included esteemed institutions such as the University of California, Los Angeles (UCLA) and other prominent universities across the US, as well as universities in Argentina, Indonesia, and the Netherlands.

Persistent Threat and Security Challenges

Global Impact and Reach

The pervasive nature of Salt Typhoon’s threat is evident, with their campaign touching over 100 countries worldwide. The highest number of compromised devices has been recorded in regions such as South America, India, and the US, underscoring the group’s expansive operational footprint and its ability to execute coordinated attacks on a global scale.

Need for Robust Cybersecurity Measures

Salt Typhoon’s ongoing campaign against critical infrastructure underlines the urgent need for a strong cybersecurity response to safeguard essential networks. As the group continues to adapt its tactics, it reinforces the importance of vigilance and robust, up-to-date security measures in counteracting such threats effectively.
