- Canadian telecommunications companies have been struck by a cyber attack
- Chinese threat actor Salt Typhoon is suspected of being behind the attacks
- Hackers have exploited an existing Cisco flaw to access
The Canadian Centre for Cyber Security, alongside the FBI, confirmed that the hackers were able to access three network devices registered to a Canadian telecommunications company.
“The Cyber Centre is aware of malicious cyber activity currently targeting Canadian telecommunications companies. The responsible actors are almost certainly sponsored by the PRC state, in particular Salt Typhoon,” said the Canadian Centre for Cyber Security in a statement.
This is not unfamiliar territory for Salt Typhoon: the group compromised at least eight American telecommunications giants earlier in 2025, and the hackers reportedly had access to these networks for months in a mass surveillance campaign affecting dozens of countries and targeting several senior officials.
A long-running campaign
The hackers apparently exploited a high-severity Cisco flaw, tracked as CVE-2023-20198, to gain access. This allowed them to retrieve the running configuration files from the compromised devices, which were then modified to create a GRE tunnel, enabling traffic collection from the network to which the devices were connected.
A patch for this flaw has been available since October 2023, which points to a serious security oversight in Canadian telecommunications cybersecurity.
“Threat actors probably targeted these devices in order to collect information on the victim’s internal network, or to use the victim’s device to enable the compromise of new victims,” which could explain how Salt Typhoon has been so successful in compromising major organizations.
“Although our understanding of this activity continues to evolve, we assess that PRC cyber actors will certainly continue to target Canadian organizations as part of this espionage campaign, including telecommunications service providers and their customers, over the next two years,” the statement confirms.
Telecommunications companies are a high priority for threat actors because they store large amounts of customer data and have useful intelligence value for cyber-espionage campaigns.
Via: Ars Technica
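A defender can look for the configuration change described above by auditing a device's running configuration for GRE tunnels whose peers are not on an approved list. The following is an added example, not code from the advisory or the article: the sample configuration, allowlist and function name are constructed, and it also flags an enabled HTTP server, since CVE-2023-20198 affects the IOS XE web UI.

```python
import ipaddress
import re

# Constructed sample of an IOS-style running configuration (not from a real device).
SAMPLE_CONFIG = """\
hostname edge-rtr-01
ip http server
ip http secure-server
!
interface Tunnel0
 tunnel source GigabitEthernet0/0/0
 tunnel destination 192.0.2.10
!
interface Tunnel7
 tunnel source GigabitEthernet0/0/0
 tunnel mode gre ip
 tunnel destination 203.0.113.66
!
interface Tunnel9
 tunnel mode ipsec ipv4
 tunnel destination 198.51.100.5
!
"""

def audit_config(text, approved_peers):
    """Flag GRE tunnels to peers outside approved_peers, and an enabled web UI."""
    approved = [ipaddress.ip_network(p) for p in approved_peers]
    findings = []
    # A stanza is one non-indented line plus the indented lines under it.
    for stanza in re.split(r"\n(?=\S)", text):
        lines = [l.strip() for l in stanza.splitlines()]
        head = lines[0] if lines else ""
        if re.fullmatch(r"ip http (secure-)?server", head):
            findings.append(("web-ui-enabled", head))
        m = re.match(r"interface (Tunnel\d+)$", head)
        if not m:
            continue
        # IOS omits the mode line when it is the default, which is GRE over IP.
        mode = next((l[12:] for l in lines if l.startswith("tunnel mode ")), "gre ip")
        dest = next((l.split()[-1] for l in lines if l.startswith("tunnel destination ")), None)
        if not mode.startswith("gre") or dest is None:
            continue
        try:
            ok = any(ipaddress.ip_address(dest) in net for net in approved)
        except ValueError:
            ok = False  # hostname or malformed peer: treat as unapproved
        if not ok:
            findings.append(("unapproved-gre-tunnel", f"{m.group(1)} -> {dest}"))
    return findings
```

Run it against a saved copy of each device's running configuration and compare the result with the last known-good baseline; any tunnel finding that nobody on the network team can account for warrants investigation.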