Salt Typhoon is still hacking telecoms – now with the use of Cisco routers


When the Chinese hacker group known as Salt Typhoon was revealed last fall to have deeply infiltrated major telecommunications companies in the United States, breaching no fewer than nine phone carriers and accessing Americans’ texts and calls in real time, the hacking campaign was treated as a four-alarm fire by the US government. However, even after the high-profile exposure of these hackers, they have continued to break into telecommunications networks around the world, including more in the United States.

Researchers at cybersecurity company Recorded Future have revealed that they have seen Salt Typhoon breach five telecommunications and internet service providers, as well as more than a dozen universities from Utah to Vietnam, between December and January. According to analysts at the company, these telecoms include a US internet service provider and telecommunications company and another US-based affiliate of a company based in the United Kingdom, though they declined to name the victims to WIRED.

“They are very active and are still very active,” says Levi Gundert, who leads Recorded Future’s research team, known as the Insikt Group. “I think there is only one appreciation of how aggressive they are in converting long-distance communications networks into Swiss cheese.”

To carry out this latest intrusion campaign, Salt Typhoon, which Recorded Future tracks under its own name, RedMike, instead of the Typhoon designation created by Microsoft, targeted the internet-exposed web interfaces of Cisco’s IOS software, which runs on the networking giant’s routers and switches. The hackers exploited two different vulnerabilities in those devices, one of which gives initial access, while the other provides root privileges, giving the hackers complete control of powerful equipment with access to a victim’s network.

“Whenever you are embedded in infrastructure such as routers, you have the kingdom keys in what you can access, see and exile,” Gundert says.

Recorded Future found more than 12,000 Cisco devices whose web interfaces were exposed online, and says the hackers targeted more than a thousand of those devices installed on networks around the world. Of these, they appear to have focused on a smaller subset of telecommunications and academic networks whose Cisco devices they successfully exploited. For those selected targets, Salt Typhoon configured the hacked Cisco devices to connect to the hackers’ command-and-control servers through generic routing encapsulation, or GRE, tunnels (a protocol used to set up private communication channels), then used these connections to maintain their access and steal data.

When WIRED reached out to Cisco, the company pointed to a security advisory it released about the web interface of its IOS software in 2023. A spokesman wrote in a statement.

Hacking network appliances as entry points to target victims – often by exploiting well-known vulnerabilities that device owners have failed to patch – has become a standard operating method for Salt Typhoon and other Chinese hacking groups. This is partly because these network devices lack many of the security controls and monitoring that have been extended to more traditional computing devices such as servers and PCs. Recorded Future notes in its report that advanced Chinese espionage teams have been targeting these vulnerable network appliances as a major intrusion method.
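The two conditions described above, an enabled web interface and GRE tunnels to unexpected endpoints, can be checked in a device's saved configuration. The following is an added example, not code from Recorded Future, Cisco or the original article; the sample configuration, addresses and allowlist of approved tunnel peers are constructed assumptions.

```python
import ipaddress
import re

# Constructed IOS-style running configuration (not from a real device).
SAMPLE_CONFIG = """\
ip http server
ip http secure-server
!
interface Tunnel0
 tunnel source GigabitEthernet0/0
 tunnel destination 192.0.2.10
!
interface Tunnel7
 tunnel source GigabitEthernet0/0
 tunnel destination 203.0.113.77
interface GigabitEthernet0/0
 ip address 198.51.100.2 255.255.255.0
"""

# Assumption: tunnel endpoints the network team has approved.
APPROVED_PEERS = [ipaddress.ip_network("192.0.2.0/28")]


def is_approved(dest, approved):
    """True only if dest is a literal IP inside an approved network."""
    try:
        return any(ipaddress.ip_address(dest) in net for net in approved)
    except ValueError:  # a hostname destination cannot be checked offline
        return False


def audit_config(text, approved=APPROVED_PEERS):
    """Return (kind, detail) findings for web UI and unapproved tunnels."""
    findings, tunnel = [], None
    for line in text.splitlines():
        if not line.startswith(" "):  # global command or section header
            m = re.match(r"interface (Tunnel\d+)\s*$", line)
            tunnel = m.group(1) if m else None
            if re.match(r"ip http (secure-)?server\s*$", line):
                findings.append(("web-ui-enabled", line.strip()))
            continue
        m = re.match(r"\s+tunnel destination (\S+)", line)
        if tunnel and m and not is_approved(m.group(1), approved):
            findings.append(("unapproved-tunnel-peer", f"{tunnel} -> {m.group(1)}"))
    return findings

if __name__ == "__main__":
    for kind, detail in audit_config(SAMPLE_CONFIG):
        print(f"{kind}: {detail}")
```

A finding here is a prompt for review against change records, not proof of compromise; a tunnel destination given as a hostname is flagged because it cannot be matched against the allowlist.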
