Salt Typhoon Exploited Cisco Vulnerabilities

Uploaded on 2025-03-03 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

Cisco Talos researchers have found a clever cyber espionage campaign, by the Chinese state-sponsored hackers called Salt Typhoon, that has been attacking the US telecommunications networks.

As suspected, their research has confirmed  that Salt Typhoon gained access to core networking infrastructure through Cisco devices and then used that infrastructure to collect information.

The hackers  gained access to Cisco devices by acquiring victim login information. In one case, they took advantage of a Cisco router flaw that has been publicly documented in the National Institute for Standards and Technology’s vulnerability database for years.

While credential theft remains their primary entry method, researchers confirmed exploitation of Cisco’s CVE-2018-0171 Smart Install Remote Code Execution vulnerability in at least one breach. The attackers had access for over three years in some networks, using advanced techniques across multi-vendor environments. 

The hackers used stolen credentials and network device misconfigurations to switch between different telecom operators’ systems.

Attackers successfully exfiltrated network configurations containing weakly encrypted SNMP community strings and local account credentials, enabling lateral movement through GRE tunnels and modified loopback interfaces. Cisco’s analysis has shown the strategic use of network appliances as points for data exfiltration, with some intrusions targeting secondary telecoms solely to reach primary objectives. 

Hackers regularly use publicly available malicious tooling to exploit these vulnerabilities, making patching of these vulnerabilities a top priority.

US government officials  have pledged to take action against on China, calling for a more offensive  approach in cyberspace, although no specific plan have been made public. Indeed, such plans may already be in motion as China has publicly blamed the US for hacks on Chinese organisations. 

Talos   |   Cisco     |   Cybersecurity News     |    Infosecurity Magazine     |  The Hacker News  |   Nextgov

Image: kynny

You Might Also Read: 

Lessons Learned From The Salt Typhoon Hacks:

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Cyber Criminals Can Clone Branded Websites
AI Could Help Prepare For The Next Pandemic »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Kirkland & Ellis

Kirkland & Ellis

Kirkland & Ellis LLP is an international law firm with offices in the USA, Europe and Asia. Practice areas include Data Security & Privacy.

CGI Group

CGI Group

CGI is a leading IT and business process services provider. Services include IT consulting, Systems Integration, Application Development, Infrastructure, Business Processes, Digital IP.

CERTuy

CERTuy

CERTuy is the national Computer Emergency Response Team for Uruguay.

BitSight Technologies

BitSight Technologies

BitSight transforms how companies manage information security risk with objective, verifiable and actionable Security Ratings.

Virsec Systems

Virsec Systems

Virsec detects and remediates previously “indefensible” advanced memory-based attacks on critical applications and server endpoints.

Bl4ckswan

Bl4ckswan

Bl4ckswan is a Management Consulting firm specialized in the delivery of information security and compliance services.

Sabat Group

Sabat Group

Sabat Group provide relationship-driven information security & cyber security recruiting services.

Red River

Red River

Red River is a technology transformation company, bringing 25 years of experience and mission-critical expertise in analytics, cloud, collaboration, mobility, networking and security solutions.

Hassans International Law Firm

Hassans International Law Firm

Hassans is the largest law firm in Gibraltar, providing a full range of legal services across corporate and commercial law including Data Protection and GDPR compliance.

GoVanguard

GoVanguard

GoVanguard is an boutique information security team delivering robust, business-focused information security solutions.

SnapAttack

SnapAttack

SnapAttack is a collaborative platform that empowers your security team to stay ahead of threats, create robust behavioral analytics for your existing tools, and prove your program's effectiveness.

Ethiopian Cybersecurity Association (ECySA)

Ethiopian Cybersecurity Association (ECySA)

ECySA was formed to play an influential part in the ongoing and dawning cybersecurity practices of Ethiopia, efficiently creating public and private awareness on all kinds of cyber risks and threats.

Avalor

Avalor

Avalor are on a mission to help security teams make faster, more accurate decisions by making sense of their data. With Avalor you can bring in data from anywhere, normalize it and analyze it.

Silk Security

Silk Security

Silk is the first platform that enables enterprises to take a strategic, sustainable approach to resolving code, infrastructure and application risk.

ERCOM

ERCOM

Ercom, a subsidiary of the Thales Group, is a French company known for its mobility security solutions.

Tracer

Tracer

Tracer (formerly Appdetex) is a next-generation brand protection solution. It constantly finds, analyzes, and stops brand abuse across Web2 and Web3 digital channels.