
Chinese Hackers Target More US Telecoms with Unpatched Cisco Routers
Recent reports reveal that the notorious Chinese hacking group, Salt Typhoon, continues to breach US telecommunications networks by exploiting unpatched Cisco routers. These attacks have been ongoing since December 2024 and have targeted several telecom providers, including major US ISPs and affiliates of international telecom giants.
The group has been using two significant vulnerabilities—CVE-2023-20198 and CVE-2023-20273—found in Cisco IOS XE devices. These flaws allow attackers to escalate privileges and inject malicious commands through the web interface, compromising network devices and enabling persistent access. Despite Cisco's release of security patches, many of these devices remain unprotected, leaving networks vulnerable to espionage.
The hackers have infiltrated not only US networks but also telecom companies in South Africa, Italy, and Thailand, further demonstrating the global scope of this cyber-espionage campaign. Notably, Salt Typhoon has been able to maintain long-term access by leveraging GRE tunnels, which allow secure communication with their command servers.
Cisco strongly advises all network administrators to apply available patches and avoid exposing administrative interfaces to the internet to reduce the risk of similar breaches. This series of attacks highlights the persistent threat posed by state-sponsored cybercriminals and underscores the need for robust cybersecurity measures across global telecom infrastructures.
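As an added illustration (not code from the original article or from Cisco), the sketch below audits an IOS XE running-config for the two conditions described above: a web interface enabled without an access restriction, and GRE tunnels to peers that are not on an approved list. The sample config, the function name audit_config, and the approved-peer list are constructed for this example, and it assumes a Tunnel interface with no "tunnel mode" line is using the GRE default.

```python
import re

# Constructed sample running-config (not from any real device).
SAMPLE_CONFIG = """\
hostname edge-rtr-01
!
ip http server
ip http secure-server
!
interface Tunnel0
 ip address 10.255.0.1 255.255.255.252
 tunnel source GigabitEthernet0/0/0
 tunnel destination 192.0.2.10
!
interface Tunnel7
 ip address 10.255.7.1 255.255.255.252
 tunnel source GigabitEthernet0/0/0
 tunnel destination 203.0.113.77
!
interface Tunnel9
 tunnel mode ipsec ipv4
 tunnel destination 198.51.100.5
!
"""

def audit_config(config, approved_tunnel_peers):
    """Return a list of (check, detail) findings for one running-config."""
    findings = []
    lines = config.splitlines()
    # Web UI: flag an enabled HTTP/HTTPS server when no access-class limits it.
    restricted = any(l.startswith("ip http access-class") for l in lines)
    for l in lines:
        if l.strip() in ("ip http server", "ip http secure-server") and not restricted:
            findings.append(("web-ui-unrestricted", l.strip()))
    # Tunnels: a stanza is the interface line plus the indented lines under it.
    for m in re.finditer(r"^interface (Tunnel\d+)\n((?: .*\n)*)", config, re.M):
        name, body = m.group(1), m.group(2)
        mode = re.search(r"^ tunnel mode (\S+)", body, re.M)
        dest = re.search(r"^ tunnel destination (\S+)", body, re.M)
        # Assumption: a tunnel with no "tunnel mode" line uses the GRE default.
        is_gre = mode is None or mode.group(1) == "gre"
        if is_gre and dest and dest.group(1) not in approved_tunnel_peers:
            findings.append(("unapproved-gre-tunnel", f"{name} -> {dest.group(1)}"))
    return findings
```

Run it against configuration backups on a schedule and review any tunnel finding against change records, since a tunnel that nobody provisioned is the signal of interest here.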
The ongoing campaign, confirmed by the FBI and CISA, is part of a broader effort by Chinese state hackers to compromise private communications, including those of US government officials. This breach follows a pattern of similar attacks dating back to 2019, with Salt Typhoon continuing its cyber-espionage efforts across various sectors.
For businesses and service providers, this breach serves as a stark reminder of the importance of proactive security measures, timely patching, and network isolation to prevent unauthorized access.
If you have any questions or concerns about your network setup, or about whether you are vulnerable to cyber-attacks, please reach out to Verenity today to schedule a consultation appointment.