
Hackers linked to China’s Salt Typhoon group, who breached several US telecommunications companies last year – including Viasat, Verizon, and T-Mobile – also hacked a Canadian telecom provider in February.
The breach was confirmed by the Canadian Centre for Cyber Security and the Federal Bureau of Investigation (FBI) in the US. The threat actors exploited the CVE-2023-20198 flaw, a critical Cisco vulnerability that gives attackers remote access and admin-level privileges.
“The Cyber Centre is aware of malicious cyber activities currently targeting Canadian telecommunications companies,” the Canadian authorities said, adding that the responsible actors are “almost certainly” sponsored by the People’s Republic of China.
According to the officials, three network devices registered to an unnamed Canadian telecommunications company were compromised by likely Salt Typhoon actors in mid-February this year.
The China-linked hackers exploited the flaw to retrieve the running configuration file from all three devices and modified at least one of the files to configure a GRE tunnel, which enabled traffic collection from the network.
“Telecommunications networks are almost certainly among the highest priority espionage targets for state-sponsored cyber threat actors,” the Canadian officials said.
“Hostile state actors very likely rely on access to telecommunications service providers and telecommunications networks around the world as a key source of foreign intelligence collection.”
Authorities also warned that Salt Typhoon is likely targeting sectors beyond telecommunications.
Security oversight
A patch for the CVE-2023-20198 flaw has been available since October 2023, when the vulnerability was first disclosed following reports that it had been used to compromise more than 10,000 devices.
The fact that the hackers were able to exploit such a well-known and severe vulnerability signals a major security oversight on the part of the Canadian telecom firm.
Last year, Salt Typhoon made headlines after the US government discovered the group had breached more than half a dozen American broadband providers, including Verizon, AT&T, T-Mobile, and Lumen Technologies. Viasat was later added to the list.
The phone records of then-President-elect Donald Trump and running mate JD Vance, as well as some Kamala Harris campaign staffers, were all targeted by the group during the 2024 presidential campaign through Verizon.
Salt Typhoon is also believed to be behind this February’s hack of the US Treasury Department, in which the threat actors were able to gain access to the laptops of some senior US officials.
Operating since 2020, the China-linked threat actors are said to be highly sophisticated, using anti-forensic and anti-analysis techniques that allow the group to go undetected for months.