When the Chinese hacker group is known as salt typhoon In -depth American telecom companies entered-Palvered the phone carrier not violating less than nine and arriving at American texts and calling in real-time was considered as four-alarm fire by the US government. Nevertheless, even after the high-profile exposure of those hackers, they have continued their competition to break up in telecom networks worldwide, including more in the US.
Researchers at the cyberspace firm revealed in a reported report on Wednesday night that they have seen five telecom and internet service providers around the world, as well as between December and January, from Utah to Vietnam to Vietnam More than a dozen universities have also been seen. According to company analysts at Telecom, a US Internet service provider and another US-based subsidiary of the telecom firm and the UK Telecom, although he refused to name those victims for wired.
“They are super active, and they remain super active,” says Levy Gandar, which is recorded to the future research team which is known as Insickt Group. “I think there is a general under-appointment for how aggressive they are in converting telecom networks into Swiss cheese.”
To complete this latest campaign of infiltration, salt typhoon-instead of a typhoon handle created by Microsoft, has recorded future tracks under its own name, redmike-Internet-designing web interfaces of IOS software of Cisco Has targeted, which runs on networking. Vishal's router and switch. Hackers exploited two separate weaknesses in the codes of the devices, one of which provides initial access, and the other which provides root privilege, causing hackers to have often powerful pieces of equipment with access to the victim's network. Get complete control.
“At any time you are embedded in the communication network on a infrastructure like routers, you have a state key that you are able to access and see and exfiltrate,” Gundar says.
More than 12,000 Cisco devices were found in recorded future whose web interfaces were exposed online, and say hackers targeted more than a thousand of the devices installed in the network worldwide. Among them, they focus on a small highest sate of telecom and university networks, whose Cisco devices successfully exploited. For those selected targets, salt typhoon configured the hackers to connect hackers to the Hacker's own command-control server. A protocol used for when used to maintain those connections. Their access and data theft.
When reached Cisco for wired comment, the company pointed to one Security advisor It published about the weaknesses in its iOS software web interface in 2023. “We advise customers to follow the recommendations mentioned in the advisor and upgrade the available software release,” a spokesman wrote in a statement.
Hack to network devices as entry points to target victims – often taking advantage of known weaknesses that the owners of the device have failed to patch – salt typhoon and other Chinese hacking groups have become a standard operation process for groups. . It is in part because those network devices lack many safety control and monitoring software that has been extended to more traditional computing devices such as servers and PCs. Future notes have been recorded in their report that sophisticated Chinese spy teams have targeted those weak network devices as primary infiltration technology for at least five years.