@www.yahoo.com
The China-linked Salt Typhoon hacking group ran a cyber espionage campaign against the major telecommunications companies AT&T and Verizon. The attackers aimed to gather foreign intelligence; both companies have since stated that their networks are secure. The incident highlights the ongoing threat of state-sponsored cyber espionage against critical infrastructure and telecommunications providers. The initial breach was achieved by exploiting vulnerabilities in network infrastructure, and even though the networks have been cleaned up, it underlines the need for continuous monitoring and robust security controls to detect and mitigate such intrusions.
References:
- Threats | CyberScoop: White House: Salt Typhoon hacks possible because telecoms lacked basic security measures
- Fortune | FORTUNE: Chinese spies infiltrated yet another U.S. telecom and accessed private conversations, White House says
- BleepingComputer: A White House official has added a ninth U.S. telecommunications company to the list of telecoms breached in a Chinese hacking campaign that impacted dozens of countries.
- Techmeme: The US says it has identified a ninth telecom company impacted by the Salt Typhoon hacks, and the number of individuals directly impacted is "less than 100"
- Pyrzout: A 9th Telecoms Firm Has Been Hit by a Massive Chinese Espionage Campaign, the White House Says
- www.techmeme.com: AT&T and Verizon say their networks are now clear after the Salt Typhoon intrusion; AT&T says a few "individuals of foreign intelligence interest" were targeted (Kelcee Griffis/Bloomberg)
- gbhackers.com: AT&T and Verizon Hacked – Salt Typhoon Compromised The Network For High Profiles
- www.yahoo.com: Chinese Salt Typhoon cyberespionage targets AT&T, Verizon but networks secure, carriers say
- securityaffairs.com: China-linked APT Salt Typhoon breached a ninth U.S. telecommunications firm
- BleepingComputer: AT&T and Verizon confirmed they were breached in a massive Chinese espionage campaign targeting telecom carriers worldwide but said the hackers have now been evicted from their networks.
- techcrunch.com: TechCrunch article on AT&T and Verizon saying networks are secure after being breached by China-linked Salt Typhoon hackers.
- cyberinsider.com: AT&T and Verizon Declare Networks Secure After Salt Typhoon Attacks
- techcrunch.com: Verizon says it has secured its network after breach by China-linked Salt Typhoon group
- Zack Whittaker: U.S. phone giants AT&T and Verizon say their networks are free from the Salt Typhoon hackers. Both networks said a few customers had their communications compromised during the hacking campaign.
- systemweakness.com: What we learned from salt typhoon telecoms operation
- Cord Cutters News: AT&T & Verizon Confirm Security Breach, But Assure Customers That The Networks Are Now Secure
- CyberInsider: CyberInsider article on AT&T and Verizon declaring networks secure after Salt Typhoon attacks.
- CNET: CNet article on AT&T and Verizon declaring their networks secure amid Salt Typhoon cyberattack.
- Latest from TechRadar: TechRadar article on AT&T and Verizon saying they're free of Salt Typhoon hacks at last.
- The Register: More telcos confirm Salt Typhoon breaches as White House weighs in. The intrusions allowed Beijing to 'geolocate millions of individuals'. AT&T, Verizon, and Lumen Technologies confirmed that Chinese government-backed snoops accessed portions of their systems earlier this year, while the White House added another, yet-unnamed telecommunications company to the list of those bre…
- go.theregister.com: More telcos confirm Salt Typhoon breaches as White House weighs in
- Hacker News: More telcos confirm Salt Typhoon breaches as White House weighs in (www.theregister.com, posted 2024.12.30)
- malware.news: Another US telco breached by Salt Typhoon as AT&T, Verizon acknowledge compromise
- The Register - Security: More telcos confirm Salt Typhoon breaches as White House weighs in
- Strypey: "This week the FBI, the US Cybersecurity and Infrastructure Security Agency (CISA) and partner agencies in New Zealand, Australia and Canada began advocating for the use of end-to-end encrypted (E2EE) communications. The move is in reaction to law enforcement backdoors in the public telephone network - including AT&T, Verizon and T-Mobile - being hijacked by Salt Typhoon; a cyberattack group believed to be operated by the Chinese government."
- www.scworld.com: Another US telco breached by Salt Typhoon as AT&T, Verizon acknowledge compromise
- ciso2ciso.com: More telcos confirm Salt Typhoon breaches as White House weighs in – Source: go.theregister.com
- techcrunch.com: US telco Lumen says its network is now clear of China’s Salt Typhoon hackers
- Pyrzout: More telcos confirm Salt Typhoon breaches as White House weighs in – Source: go.theregister.com
MalBot@malware.news
The US Treasury Department has sanctioned a Chinese cybersecurity firm, Sichuan Juxinhe Network Technology Co., and a Shanghai-based hacker, Yin Kecheng, for their involvement in significant cyberattacks. These attacks compromised sensitive systems at the Treasury Department and at major US telecommunications companies and ISPs. Sichuan Juxinhe is linked to the Salt Typhoon hacking group, which has infiltrated numerous US telecom companies and ISPs, intercepting sensitive data belonging to high-value political officials and communication platforms. Yin Kecheng, connected to the Chinese Ministry of State Security (MSS), is associated with the recent breach of the Treasury's network, which affected systems involved in sanctions and foreign investment reviews.
The Treasury's systems, including those used by Secretary Janet Yellen, were accessed during the breach, resulting in the theft of over 3,000 files. The stolen data included policy documents, organizational charts, and information on sanctions and foreign investment. The activity has been attributed to the Salt Typhoon group alongside a related group known as Silk Typhoon (formerly Hafnium), which exploited vulnerabilities in Microsoft Exchange Server and used compromised APIs. The Treasury Department stated that it will continue using its authority to hold accountable malicious actors that target the American people and the US government.
References:
- malware.news: US Sanctions Chinese firm behind sweeping Salt Typhoon telecom hacks
- The Hacker News: U.S. Sanctions Chinese Cybersecurity Firm Over Treasury Hack Tied to Silk Typhoon
- BleepingComputer: US sanctions Chinese firm, hacker behind telecom and Treasury hacks
- ciso2ciso.com: US Sanctions Chinese Hacker & Firm for Treasury, Critical Infrastructure Breaches – Source: www.darkreading.com
- ciso2ciso.com: US sanctions Chinese hacker & firm for Treasury, critical infrastructure breaches
- U.S. Treasury: Treasury's OFAC is sanctioning Yin Kecheng, a Shanghai-based cyber actor who was involved with the recent Department of the Treasury network compromise.
- ciso2ciso.com: U.S. Sanctions Chinese Cybersecurity Firm Over Treasury Hack Tied to Silk Typhoon – Source:thehackernews.com
- www.bleepingcomputer.com: US sanctions Chinese firm, hacker behind telecom and Treasury hacks
- securityaffairs.com: U.S. Treasury Sanctions Chinese cybersecurity firm and actor over federal agency breach tied to Salt Typhoon
- ciso2ciso.com: Treasury Levels Sanctions Tied to a Massive Hack of Telecom Companies and Breach of Its Own Network – Source: www.securityweek.com
- Pyrzout: Treasury Levels Sanctions Tied to a Massive Hack of Telecom Companies and Breach of Its Own Network – Source: www.securityweek.com
- ciso2ciso.com: The U.S. Treasury’s OFAC sanctioned a Chinese cybersecurity firm and a Shanghai cyber actor for ties to Salt Typhoon and a federal agency breach.
- www.tomshardware.com: News report on Chinese hackers infiltrating US Treasury Secretary's PC and gaining access to over 400 PCs.
- ciso2ciso.com: U.S. Treasury Sanctions Chinese cybersecurity firm and actor over federal agency breach tied to Salt Typhoon
- www.nextgov.com: US Treasury Department sanctions imposed for Salt Typhoon's involvement.
- www.nextgov.com: The Treasury Department's sanctions follow a major hack targeting telecommunications companies and potentially impacting high-value political officials.
- Threats | CyberScoop: Treasury sanctions Chinese cybersecurity company, affiliate for Salt Typhoon hacks.
- cyberscoop.com: Treasury sanctions Chinese cybersecurity company, affiliate for Salt Typhoon hacks
- thecyberexpress.com: U.S. Treasury sanctions Salt Typhoon hackers
- www.csoonline.com: The US is hitting back against the threat group, dubbed Salt Typhoon by Microsoft, which is allegedly behind recent cyber attacks against American telecommunications providers, as part of a wider campaign against Chinese-based hacking.
- Security Affairs: The US Treasury Department's Office of Foreign Assets Control (OFAC) sanctioned Chinese firm Sichuan Juxinhe Network Technology Co., LTD.
- Security Boulevard: U.S. Treasury Sanctions Chinese Individual, Company for Data Breaches
@cyberscoop.com
The Chinese nation-state hacking group Salt Typhoon, despite facing US sanctions, continues to actively target telecommunications providers. Between December 2024 and January 2025, Recorded Future observed Salt Typhoon breaching five telecom firms, including a US-based affiliate of a UK telecom provider, a US internet service provider, and companies in Italy, South Africa, and Thailand. The group also performed reconnaissance on a Myanmar-based telecom provider.
Salt Typhoon exploited vulnerabilities in Cisco IOS XE software, specifically CVE-2023-20198 and CVE-2023-20273, to compromise unpatched Cisco devices. They attempted to compromise over 1,000 Cisco routers globally, focusing on those within telecom networks. Additionally, Salt Typhoon targeted universities, including the University of California and Utah Tech, potentially seeking access to research related to telecommunications and engineering.
References:
- cyberscoop.com: Salt Typhoon remains active, hits more telecom networks via Cisco routers
- The Register - Security: More victims of China's Salt Typhoon crew emerge: Telcos just now hit via Cisco bugs
- Carly Page: The China-backed Salt Typhoon group is still hacking telecommunications providers, despite government sanctions. Recorded Future says Salt Typhoon breached five firms between December and January, including a US affiliate of a prominent UK provider and a US-based ISP
- techcrunch.com: The China-backed Salt Typhoon group is still hacking telecommunications providers, despite government sanctions.
- www.wired.com: Wired's coverage of Salt Typhoon's ongoing hacking activities.
- Threats | CyberScoop: Salt Typhoon remains active, hits more telecom networks via Cisco routers
- cyberinsider.com: Chinese Hackers Breach Cisco Devices in Global Telecom Attacks
- securebulletin.com: RedMike (Salt Typhoon) continues global Telecom attacks
- CyberInsider: Chinese Hackers Breach Cisco Devices in Global Telecom Attacks
- Secure Bulletin: Report on RedMike's continued attacks on telecom providers.
- Talkback Resources: Salt Typhoon Targeting Old Cisco Vulnerabilities in Fresh Telecom Hacks [exp] [net]
- Talkback Resources: Chinese state-sponsored APT group Salt Typhoon targets telecommunications providers and universities by exploiting Cisco vulnerabilities, creating privileged accounts, bypassing firewalls, and exfiltrating data using GRE tunnels, prompting organizations to patch devices, enforce access controls, and monitor for unauthorized changes.
- Talkback Resources: Salt Typhoon Targeting Old Cisco Vulnerabilities in Fresh Telecom Hacks
- PCMag UK security: China's Salt Typhoon Spies Are Still Eavesdropping on Global Networks
- ciso2ciso.com: Salt Typhoon Targeting Old Cisco Vulnerabilities in Fresh Telecom Hacks
- ciso2ciso.com: Salt Typhoon Targeting Old Cisco Vulnerabilities in Fresh Telecom Hacks – Source: www.securityweek.com
- securityaffairs.com: China-linked APT Salt Typhoon breached telecoms by exploiting Cisco router flaws
- BleepingComputer: China's Salt Typhoon hackers are still actively targeting telecoms worldwide and have breached more U.S. telecommunications providers via unpatched Cisco IOS XE network devices.
- industrialcyber.co: Insikt Group details RedMike cyber espionage campaign on telecom providers using Cisco vulnerabilities
- securityonline.info: Cybersecurity researchers at Insikt Group have identified an ongoing cyber espionage campaign by RedMike (also tracked as Salt Typhoon).
- Industrial Cyber: Insikt Group details RedMike cyber espionage campaign on telecom providers using Cisco vulnerabilities
- SecureWorld News: Salt Typhoon Expands Espionage Campaign, Targets Cisco Routers
- Cisco Talos Blog: Weathering the storm: In the midst of a Typhoon
- cyberscoop.com: Cisco Talos observed the campaign targeting major U.S. telecommunication companies; the attackers primarily used legitimate login credentials to gain initial access, making detection and prevention difficult.
- cyberscoop.com: Salt Typhoon gained initial access to telecoms through Cisco devices
- securityaffairs.com: Salt Typhoon used custom malware JumbledPath to spy U.S. telecom providers
drewt@secureworldexpo.com (Drew Todd)@SecureWorld News
The Chinese state-sponsored hacking group Salt Typhoon is expanding its espionage campaign, targeting U.S. telecommunication providers and other networks globally. The group, active since at least 2019, has been breaching major companies like AT&T, Verizon, and Lumen Technologies. Between December 2024 and January 2025, Salt Typhoon compromised additional telecom networks across the globe. The attacks involve a custom utility called JumbledPath, used to stealthily monitor network traffic and potentially capture sensitive data.
Salt Typhoon gains initial access through stolen credentials and by exploiting vulnerabilities in Cisco routers. Specifically, they target internet-exposed Cisco network routers, leveraging CVE-2023-20198 and CVE-2023-20273 to escalate privileges and gain root access. Once inside, they extract credentials by intercepting authentication traffic, modify network configurations, and create hidden accounts to maintain persistent access. The group's objectives include intercepting sensitive communications, tracking political activists, and stealing research from academic institutions.
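The two reports above (the Talkback summary of the Insikt Group findings and this one) both describe the same post-compromise footprint on the routers: new privileged local accounts, altered configurations, and GRE tunnels used to move data out, and both recommend monitoring for unauthorized configuration changes. The following is an added example of such a check, written for this digest rather than taken from any of the cited reports or from Cisco. It diffs a Cisco IOS-style running configuration against a known-good baseline and flags privilege-15 accounts and GRE tunnel interfaces that the baseline did not contain. Both configuration texts are constructed samples with documentation addresses; the hostname, usernames, and tunnel numbers are invented, and the rule that a `Tunnel` interface without an explicit `tunnel mode` line is treated as GRE reflects the IOS default.

```python
"""Audit a Cisco IOS-style running-config against a known-good baseline.

Flags two post-compromise changes described in the Salt Typhoon reporting:
privileged local accounts and GRE tunnel interfaces that were not part of
the approved baseline. Both configs below are constructed sample text.
"""
import re
from dataclasses import dataclass, field

# Constructed baseline: one approved admin account, no tunnels.
BASELINE_CONFIG = """\
hostname edge-rtr-01
username netops privilege 15 secret 9 $9$placeholder
interface GigabitEthernet0/0
 ip address 192.0.2.1 255.255.255.0
line vty 0 4
 transport input ssh
"""

# Constructed running config: an extra privilege-15 user and a GRE tunnel
# to an external address have appeared since the baseline was taken.
RUNNING_CONFIG = """\
hostname edge-rtr-01
username netops privilege 15 secret 9 $9$placeholder
username svc_backup privilege 15 secret 9 $9$placeholder2
interface GigabitEthernet0/0
 ip address 192.0.2.1 255.255.255.0
interface Tunnel100
 ip address 10.255.0.1 255.255.255.252
 tunnel source GigabitEthernet0/0
 tunnel destination 203.0.113.50
 tunnel mode gre ip
line vty 0 4
 transport input ssh
"""

USER_RE = re.compile(r"^username (\S+) privilege (\d+)")
IFACE_RE = re.compile(r"^interface (\S+)")


@dataclass
class ConfigFacts:
    """The subset of the configuration the audit cares about."""
    priv_users: dict = field(default_factory=dict)  # username -> privilege level
    tunnels: dict = field(default_factory=dict)     # iface name -> {"dest", "mode"}


def parse_config(text: str) -> ConfigFacts:
    """Extract local users and Tunnel interfaces from IOS-style config text.

    Top-level lines start in column 0; interface sub-commands are indented
    by one space, which is how the parser knows which interface they belong to.
    """
    facts = ConfigFacts()
    current_tunnel = None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.startswith(" "):
            current_tunnel = None
            m = USER_RE.match(line)
            if m:
                facts.priv_users[m.group(1)] = int(m.group(2))
                continue
            m = IFACE_RE.match(line)
            if m and m.group(1).startswith("Tunnel"):
                current_tunnel = m.group(1)
                # IOS default: a Tunnel interface is GRE/IP unless told otherwise.
                facts.tunnels[current_tunnel] = {"dest": None, "mode": "gre ip"}
            continue
        if current_tunnel is None:
            continue
        sub = line.strip()
        if sub.startswith("tunnel destination "):
            facts.tunnels[current_tunnel]["dest"] = sub.split()[-1]
        elif sub.startswith("tunnel mode "):
            facts.tunnels[current_tunnel]["mode"] = sub[len("tunnel mode "):]
    return facts


def audit(baseline: str, running: str) -> list:
    """Return human-readable findings for deviations from the baseline."""
    base = parse_config(baseline)
    run = parse_config(running)
    findings = []
    for user, priv in run.priv_users.items():
        # A privilege-15 account the baseline lacks, or one whose level changed.
        if priv >= 15 and base.priv_users.get(user) != priv:
            findings.append(f"new privileged account: {user} (privilege {priv})")
    for name, info in run.tunnels.items():
        if name not in base.tunnels and info["mode"].startswith("gre"):
            findings.append(f"new GRE tunnel: {name} -> {info['dest'] or 'unknown'}")
    return findings


if __name__ == "__main__":
    for finding in audit(BASELINE_CONFIG, RUNNING_CONFIG):
        print(finding)
```

Run against a real device, the input would be the output of `show running-config` collected over the normal management path, and the baseline a copy stored off the device after the last approved change; a non-empty result is a trigger for a change-ticket lookup, not proof of compromise, since legitimate tunnels and service accounts produce the same findings until the baseline is updated.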
References:
- bsky.app: The Chinese state-sponsored Salt Typhoon hacking group uses a custom utility called JumbledPath to stealthily monitor network traffic and potentially capture sensitive data in cyberattacks on U.S. telecommunication providers.
- BleepingComputer: The Chinese state-sponsored Salt Typhoon hacking group uses a custom utility called JumbledPath to stealthily monitor network traffic and potentially capture sensitive data in cyberattacks on U.S. telecommunication providers.
- securityaffairs.com: Salt Typhoon used custom malware JumbledPath to spy U.S. telecom providers
- www.bleepingcomputer.com: state-sponsored hacking group uses a custom utility called JumbledPath to stealthily monitor network traffic and potentially capture sensitive data in cyberattacks on U.S. telecommunication providers.
- Anonymous: state-sponsored hacking group uses a custom utility called JumbledPath to stealthily monitor network traffic and potentially capture sensitive data in cyberattacks on U.S. telecommunication providers.
- Carly Page: state-sponsored hacking group uses a custom utility called JumbledPath to stealthily monitor network traffic and potentially capture sensitive data in cyberattacks on U.S. telecommunication providers.
- Blog: New Details: Salt Typhoon Used Leaked Creds in Telecom Attack
- SecureWorld News: Chinese cyber espionage group Salt Typhoon has made headlines in the last year, breaching major companies including AT&T, Verizon, and Lumen Technologies.
- cyberscoop.com: Salt Typhoon gained initial access to telecoms through Cisco devices
- www.bleepingcomputer.com: Chinese hackers breach more U.S. telecoms via unpatched Cisco routers
- gbhackers.com: Gbhackers news on Salt Typhoon Hackers Exploit Cisco Vulnerability
- www.the420.in: The 420 news on Chinese Hackers Target US Telecom Giants
@www.bleepingcomputer.com
Chinese APT groups are actively targeting U.S. telecom providers and European healthcare organizations with sophisticated cyberattacks. The attacks involve custom malware, such as JumbledPath, used by Salt Typhoon to spy on U.S. telecom networks, and the exploitation of vulnerabilities like the Check Point flaw CVE-2024-24919. These campaigns are characterized by the deployment of advanced tools like ShadowPad and NailaoLocker ransomware, indicating a blend of espionage and financially motivated cybercrime.
These threat actors gain initial access through exploited vulnerabilities, then move laterally within the networks using techniques like RDP to obtain elevated privileges. They then deploy ShadowPad and PlugX, and in the final stage NailaoLocker ransomware, encrypting files and demanding Bitcoin payments. These findings highlight the evolving tactics of Chinese APT groups and the difficulty of attributing these attacks, given the blurring line between state-sponsored espionage and financially driven operations.
References:
- securityaffairs.com: Salt Typhoon used custom malware JumbledPath to spy U.S. telecom providers
- The Hacker News: Chinese-Linked Attackers Exploit Check Point Flaw to Deploy ShadowPad and Ransomware
- www.bleepingcomputer.com: Salt Typhoon uses JumbledPath malware to spy on US telecom networks
@ciso2ciso.com
The Chinese APT group Salt Typhoon continues to exploit a critical vulnerability in Microsoft Exchange Server despite a patch having been available for almost four years. A staggering 91% of at-risk Exchange servers remain unpatched, leaving them exposed to exploitation. Leaving the flaw open allows the attackers to gain initial access to networks, enabling lateral movement and data exfiltration, and potentially leading to data breaches and further system compromise. The vulnerability, known as ProxyLogon (CVE-2021-26855), has been a long-term target; Microsoft first disclosed it in March 2021 with a warning that it was being used to achieve remote code execution.
Salt Typhoon maintains a stealthy presence on victim networks using custom malware such as GhostSpider, SnappyBee, and the Masol remote access trojan to establish persistence. The group targets well-known vulnerabilities for initial access, and their methods include using the Demodex rootkit to remain hidden. Despite repeated warnings from law enforcement and private sector security firms, the vast majority of public-facing Microsoft Exchange Server instances remain unpatched. The continued exploitation of this flaw highlights the ongoing challenge of patching critical systems and ensuring organizations apply available security updates.
References:
- ciso2ciso.com: One of Salt Typhoon’s favorite flaws still wide open on 91% of at-risk Exchange Servers – Source: go.theregister.com
- Pyrzout: One of Salt Typhoon’s favorite flaws still wide open on 91% of at-risk Exchange Servers – Source: go.theregister.com