Chinese state-sponsored hacking group Salt Typhoon continues to compromise telecommunications providers worldwide, despite recent US sanctions targeting its operations.
According to a report by Recorded Future, Salt Typhoon breached five telecommunications companies between December 2024 and January 2025. The victims include a US affiliate of a prominent UK provider, a US internet service provider, and companies in Italy, South Africa, and Thailand.
Salt Typhoon has also conducted reconnaissance activities on assets belonging to Myanmar-based Mytel. The group exploited vulnerabilities in Cisco IOS XE software to gain access to unpatched devices and target over 1,000 Cisco devices worldwide, primarily within telecommunications networks.
Additionally, Salt Typhoon has targeted university networks, including the University of California and Utah Tech. Researchers believe the group seeks to access research related to telecommunications, engineering, and technology.
Despite US sanctions against companies linked to Salt Typhoon, including Sichuan Juxinhe Network Technology, Recorded Future anticipates that the group will continue targeting telecommunications providers globally. The group’s activities pose significant threats to data privacy and national security.
Original source: Read the full article on TechCrunch
