- Cisco reveals that Salt Typhoon used CVE-2018-0171 to breach the target networks
- It first needed login credentials
- The attackers are very sophisticated and well funded, Cisco said
The Chinese state-sponsored threat actor Salt Typhoon abused a vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software to compromise American telecommunications networks, experts confirmed.
In a new blog post, Cisco said it had found evidence of Salt Typhoon abusing CVE-2018-0171, a vulnerability rated 9.8/10 (critical) that allows threat actors to execute arbitrary code on an affected device.
“The threat actor then demonstrated their ability to persist in target environments across equipment from multiple vendors for long periods, maintaining access in one case for more than three years,” said Cisco Talos.
Large-scale espionage
The researchers described the threat actors as “very sophisticated” and “well funded”, adding, “the long timeline of this campaign suggests a high degree of coordination, planning and patience – standard hallmarks of advanced persistent threat (APT) and state-sponsored actors.”
To be able to exploit this vulnerability, Salt Typhoon first needed valid login credentials, which it was able to acquire in some way. Researchers have their suspicions about how: “In addition, we observed the threat actor capturing SNMP, TACACS and RADIUS traffic, including the secret keys used between network devices and TACACS/RADIUS servers,” said Cisco. “The intent of this traffic capture is almost certainly to enumerate additional credential details for follow-on use.”
At the end of October 2024, the FBI and CISA warned that several major American telecommunications providers had been breached by Salt Typhoon.
The statement noted: “The U.S. government is investigating the unauthorized access to commercial telecommunications infrastructure by actors affiliated with the People’s Republic of China.”
As the investigation progressed, in December 2024, researchers found that at least eight major American telecommunications companies had been breached, notably T-Mobile, Verizon, AT&T and Lumen Technologies, as well as countless others around the world.
Via The Hacker News