- Security researchers report new Salt Typhoon activity
- The threat actor is still going after ISPs and universities in the West
- The group is abusing flaws in Cisco equipment to reach new targets
Salt Typhoon, a Chinese state-sponsored threat actor best known for recently breaching a dozen telecommunications providers in the United States, has struck again, hitting not only American organizations but also those in the United Kingdom, South Africa, and elsewhere in the world.
The latest intrusions were identified by cybersecurity researchers from Recorded Future, who said that the group is targeting exposed web interfaces of the Cisco IOS software that powers various routers and switches. These devices have known vulnerabilities that threat actors actively exploit to obtain initial access, root privileges, and more.
More than 12,000 Cisco devices were found connected to the wider internet and exposed to risk, the researchers further explained. However, Salt Typhoon is focusing on a “smaller subset” of telecommunications and university networks.
Recent activity
This “smaller subset” of targets includes American internet service providers and telecommunications companies, an American telecommunications subsidiary in the United Kingdom, telecommunications companies in South Africa and Thailand, an internet service provider in Italy, and various universities around the world (Argentina, Bangladesh, Indonesia, Malaysia, Mexico, Netherlands, Thailand, Vietnam and the United States).
All this activity was spotted between December 2024 and January 2025, which means that the group is currently very active.
“They are super active, and they continue to be super active,” Levi Gundert, who leads Recorded Future's research team, known as the Insikt Group, told Wired. “I think there is just a general underestimation of their aggressiveness in turning telecommunications networks into Swiss cheese.”
Cisco has also responded, saying that the vulnerabilities Salt Typhoon is exploiting have all been patched, and urged users to apply the available fixes as soon as possible.
Unpatched vulnerabilities are low-hanging fruit for cybercriminals, because they already have a working exploit and proof of concept for malware infections, which makes their work relatively easy.
Via Wired




