@cyberscoop.com - 14d
The Chinese nation-state hacking group Salt Typhoon, despite facing US sanctions, continues to actively target telecommunications providers. Between December 2024 and January 2025, Recorded Future observed Salt Typhoon breaching five telecom firms, including a US-based affiliate of a UK telecom provider, a US internet service provider, and companies in Italy, South Africa, and Thailand. The group also performed reconnaissance on a Myanmar-based telecom provider.
Salt Typhoon exploited vulnerabilities in Cisco IOS XE software, specifically CVE-2023-20198 and CVE-2023-20273, to compromise unpatched Cisco devices. They attempted to compromise over 1,000 Cisco routers globally, focusing on those within telecom networks. Additionally, Salt Typhoon targeted universities, including the University of California and Utah Tech, potentially seeking access to research related to telecommunications and engineering.
References :
- cyberscoop.com: Salt Typhoon remains active, hits more telecom networks via Cisco routers
- The Register - Security: More victims of China's Salt Typhoon crew emerge: Telcos just now hit via Cisco bugs
- Carly Page: The China-backed Salt Typhoon group is still hacking telecommunications providers, despite government sanctions. Recorded Future says Salt Typhoon breached five firms between December and January, including a US affiliate of a prominent UK provider and a US-based ISP
- techcrunch.com: The China-backed Salt Typhoon group is still hacking telecommunications providers, despite government sanctions.
- www.wired.com: Wired's coverage of Salt Typhoon's ongoing hacking activities.
- Threats | CyberScoop: Salt Typhoon remains active, hits more telecom networks via Cisco routers
- cyberinsider.com: Chinese Hackers Breach Cisco Devices in Global Telecom Attacks
- securebulletin.com: RedMike (Salt Typhoon) continues global Telecom attacks
- CyberInsider: Chinese Hackers Breach Cisco Devices in Global Telecom Attacks
- Secure Bulletin: Report on RedMike's continued attacks on telecom providers.
- Talkback Resources: Salt Typhoon Targeting Old Cisco Vulnerabilities in Fresh Telecom Hacks [exp] [net]
- Talkback Resources: Chinese state-sponsored APT group Salt Typhoon targets telecommunications providers and universities by exploiting Cisco vulnerabilities, creating privileged accounts, bypassing firewalls, and exfiltrating data using GRE tunnels, prompting organizations to patch devices, enforce access controls, and monitor for unauthorized changes.
- Talkback Resources: Salt Typhoon Targeting Old Cisco Vulnerabilities in Fresh Telecom Hacks
- PCMag UK security: China's Salt Typhoon Spies Are Still Eavesdropping on Global Networks
- ciso2ciso.com: Salt Typhoon Targeting Old Cisco Vulnerabilities in Fresh Telecom Hacks
- ciso2ciso.com: Salt Typhoon Targeting Old Cisco Vulnerabilities in Fresh Telecom Hacks – Source: www.securityweek.com
- securityaffairs.com: China-linked APT Salt Typhoon breached telecoms by exploiting Cisco router flaws
- securityaffairs.com: China-linked APT Salt Typhoon breached telecoms by exploiting Cisco router flaws
- BleepingComputer: China's Salt Typhoon hackers are still actively targeting telecoms worldwide and have breached more U.S. telecommunications providers via unpatched Cisco IOS XE network devices.
- industrialcyber.co: Insikt Group details RedMike cyber espionage campaign on telecom providers using Cisco vulnerabilities
- securityonline.info: Cybersecurity researchers at Insikt Group have identified an ongoing cyber espionage campaign by RedMike (also tracked as Salt Typhoon).
- Industrial Cyber: Insikt Group details RedMike cyber espionage campaign on telecom providers using Cisco vulnerabilities
- SecureWorld News: Salt Typhoon Expands Espionage Campaign, Targets Cisco Routers
- Cisco Talos Blog: Weathering the storm: In the midst of a Typhoon
- cyberscoop.com: Cisco Talos observed the campaign targeting major U.S. telecommunication companies and observed the attackers primarily used legitimate login credentials to gain initial access, making detection and prevention difficult.
- cyberscoop.com: Salt Typhoon gained initial access to telecoms through Cisco devices
- securityaffairs.com: Salt Typhoon used custom malware JumbledPath to spy U.S. telecom providers
Classification:
- HashTags: #SaltTyhoon #CybersecurityThreats #TelecomAttacks
- Company: Cisco
- Target: Telecommunication Providers
- Attacker: Salt Typhoon
- Product: Cisco Routers
- Feature: Vulnerabilities in Cisco devic
- Type: Hack
- Severity: Major
@Full Disclosure - 17d
Apple has released security updates, iOS 18.3.1 and iPadOS 18.3.1, to address a vulnerability in USB Restricted Mode. The company warns that this flaw "may have been exploited in an extremely sophisticated attack against specific targeted individuals." This unusually strong language from Apple suggests the seriousness of the threat, as they typically use more reserved terms when describing exploited vulnerabilities. Security researcher Bill Marczak of The Citizen Lab at The University of Toronto’s Munk School reported the flaw.
The vulnerability, identified as CVE-2025-24200, allows a physical attack to disable USB Restricted Mode on a locked device. USB Restricted Mode is a security feature introduced in iOS 11.4.1 that prevents USB accessories from accessing a device's data if it hasn't been unlocked for an hour. The new updates patch this flaw, preventing attackers from turning off the security feature. Users are advised to update their devices to iOS 18.3.1, iPadOS 18.3.1 or iPadOS 17.7.5 to mitigate the risk.
References :
- The Register - Security: Apple patch addresses the 'extremely sophisticated attack'.
- www.engadget.com: Information about Apple patching a vulnerability allowing for 'extremely sophisticated attack'.
Classification:
- HashTags: #Apple #Vulnerability #iOS
- Company: Apple
- Target: iPhones and iPads
- Product: iOS, iPadOS
- Feature: USB Restricted Mode
- Malware: CVE-2025-24200
- Type: Vulnerability
- Severity: Critical
|
|
FlagThis - #ios
