FlagThis

The Chinese state-sponsored hacking group Salt Typhoon is expanding its espionage campaign, targeting U.S. telecommunication providers and other networks globally. The group, active since at least 2019, has been breaching major companies like AT&T, Verizon, and Lumen Technologies. Between December 2024 and January 2025, Salt Typhoon compromised additional telecom networks across the globe. The attacks involve a custom utility called JumbledPath, used to stealthily monitor network traffic and potentially capture sensitive data.

Salt Typhoon gains initial access through stolen credentials and exploiting vulnerabilities in Cisco routers. Specifically, they target internet-exposed Cisco network routers, leveraging CVE-2023-20198 and CVE-2023-20273 to escalate privileges and gain root access. Once inside, they extract credentials by intercepting authentication traffic, modify network configurations, and create hidden accounts to maintain persistent access. The group's objectives include intercepting sensitive communications, tracking political activists, and stealing research from academic institutions.

ImgSrc: www.secureworld.io

References:

• @bleepingcomputer.com - BleepingComputer - The Chinese state-sponsored Salt Typhoon hacking group uses a custom utility called JumbledPath to stealthily monitor network traffic and potentially capture sensitive data in cyberattacks on U.S. tel - 4d
• @BleepingComputer - The Chinese state-sponsored Salt Typhoon hacking group uses a custom utility called JumbledPath to stealthily monitor network traffic and potentially capture sensitive data in cyberattacks on U.S. tel - 4d
• Security Affairs - Salt Typhoon used custom malware JumbledPath to spy U.S. telecom providers - 4d
• www.bleepingcomputer.com - state-sponsored hacking group uses a custom utility called JumbledPath to stealthily monitor network traffic and potentially capture sensitive data in cyberattacks on U.S. telecommunication providers. - 4d
• @youranonriots - state-sponsored hacking group uses a custom utility called JumbledPath to stealthily monitor network traffic and potentially capture sensitive data in cyberattacks on U.S. telecommunication providers. - 4d
• @BleepingComputer - The Chinese state-sponsored Salt Typhoon hacking group uses a custom utility called JumbledPath to stealthily monitor network traffic and potentially capture sensitive data in cyberattacks on U.S. tel - 4d
• @carlypage - state-sponsored hacking group uses a custom utility called JumbledPath to stealthily monitor network traffic and potentially capture sensitive data in cyberattacks on U.S. telecommunication providers. - 4d
• Blog - New Details: Salt Typhoon Used Leaked Creds in Telecom Attack - 3d
• SecureWorld News - Chinese cyber espionage group Salt Typhoon has made headlines in the last year, breaching major , including AT&T, Verizon, and Lumen Technologies. - 3d
• cyberscoop.com - Salt Typhoon gained initial access to telecoms through Cisco devices - 3d
• www.bleepingcomputer.com - Chinese hackers breach more U.S. telecoms via unpatched Cisco routers - 2d
• gbhackers.com - Gbhackers news on Salt Typhoon Hackers Exploit Cisco Vulnerability - 1d
• www.the420.in - The 420 news on Chinese Hackers Target US Telecom Giants - 1d

Classification:

• HashTags: SaltTyphoon CyberEspionage TelecomSecurity
• Company: Cisco
• Target: US Telecom Providers
• Attacker: Salt Typhoon
• Product: Cisco Routers
• Feature: JumbledPath Malware
• Type: Espionage
• Severity: Major