Cisco Confirms Salt Typhoon Exploited US Telecom Networks

In addition to using CVE-2018-0171 and other Cisco bugs to break into telecom networks, the China-sponsored APT is also using stolen login credentials for initial access.

Following research reports last week that Salt Typhoon, the Chinese threat actor known for spying on communications networks, exploited a Cisco vulnerability to infiltrate major US telecommunications providers last fall — including T-Mobile, AT&T, and Verizon — the networking giant has confirmed the activity and offered details on two main attack vectors.

Cisco Talos researchers said the attack vectors were exploitation of an older security vulnerability tracked as CVE-2018-0171 and the use of stolen login credentials to gain access to the infrastructure.

The threat actor was able to maintain access to these compromised environments for extended periods of time and, in one instance, for over three years, the researchers said, paving the way for configuration exfiltration, infrastructure pivoting, and configuration modification.

Though no new Cisco vulnerabilities have been discovered in the campaign, Cisco said it is also receiving reports that Salt Typhoon is abusing at least three other known Cisco vulnerabilities: CVE-2023-20198, CVE-2023-20273, and CVE-2024-20399. Users should patch these immediately.

The attribution to Salt Typhoon hinges on a few clues, according to Cisco Talos. “There are several reasons to believe this activity is being carried out by a highly sophisticated, well-funded threat actor, including the targeted nature of this campaign, the deep levels of developed access into victim networks, and the threat actor’s extensive technical knowledge,” said the researchers. “Furthermore, the long timeline of this campaign suggests a high degree of coordination, planning, and patience — standard hallmarks of advanced persistent threat (APT) and state-sponsored actors.”

Source: https://www.darkreading.com/cyber-risk/cisco-salt-typhoon-exploitation-telecom
