@www.yahoo.com
//
The China-linked Salt Typhoon hacking group launched a cyber espionage campaign against the major U.S. telecommunications companies AT&T and Verizon, aiming to gather foreign intelligence. Both companies have since stated that their networks are secure again. The incident highlights the ongoing threat of state-sponsored cyber espionage against critical infrastructure and telecommunications providers. The initial breach was achieved by exploiting vulnerabilities in network infrastructure, and even though the networks have been cleaned up, it underlines the need for continuous monitoring and robust security controls to detect and mitigate such intrusions.
Recommended read:
References:
- Threats | CyberScoop: White House: Salt Typhoon hacks possible because telecoms lacked basic security measures
- fortune.com: Chinese spies infiltrated yet another U.S. telecom and accessed private conversations, White House says
- BleepingComputer: A White House official has added a ninth U.S. telecommunications company to the list of telecoms breached in a Chinese hacking campaign that impacted dozens of countries.
- techhub.social: The US says it has identified a ninth telecom company impacted by the Salt Typhoon hacks, and the number of individuals directly impacted is "less than 100"
- www.bleepingcomputer.com: A White House official has added a ninth U.S. telecommunications company to the list of telecoms breached in a Chinese hacking campaign that impacted dozens of countries.
- www.techmeme.com: The US says it has identified a ninth telecom company impacted by the Salt Typhoon hacks, and the number of individuals directly impacted is "less than 100"
- Pyrzout :vm:: A 9th Telecoms Firm Has Been Hit by a Massive Chinese Espionage Campaign, the White House Says
- www.techmeme.com: AT&T and Verizon say their networks are now clear after the Salt Typhoon intrusion; AT&T says a few "individuals of foreign intelligence interest" were targeted (Kelcee Griffis/Bloomberg)
- Techmeme: AT&T and Verizon say their networks are now clear after the Salt Typhoon intrusion; AT&T says a few "individuals of foreign intelligence interest" were targeted (Kelcee Griffis/Bloomberg)
- Bloomberg Technology: AT&T and Verizon say their networks are now clear after the Salt Typhoon intrusion; AT&T says a few "individuals of foreign intelligence interest" were targeted (Kelcee Griffis/Bloomberg)
- gbhackers.com: AT&T and Verizon Hacked – Salt Typhoon Compromised The Network For High Profiles
- www.yahoo.com: Chinese Salt Typhoon cyberespionage targets AT&T, Verizon but networks secure, carriers say
- securityaffairs.com: China-linked APT Salt Typhoon breached a ninth U.S. telecommunications firm
- BleepingComputer: AT&T and Verizon confirmed they were breached in a massive Chinese espionage campaign targeting telecom carriers worldwide but said the hackers have now been evicted from their networks.
- techcrunch.com: TechCrunch article on AT&T and Verizon saying networks are secure after being breached by China-linked Salt Typhoon hackers.
- cyberinsider.com: AT&T and Verizon Declare Networks Secure After Salt Typhoon Attacks
- techcrunch.com: Verizon says it has secured its network after breach by China-linked Salt Typhoon group
- www.bleepingcomputer.com: AT&T and Verizon confirmed they were breached in a massive Chinese espionage campaign targeting telecom carriers worldwide but said the hackers have now been evicted from their networks.
- Zack Whittaker: U.S. phone giants AT&T and Verizon say their networks are free from the Salt Typhoon hackers. Both networks said a few customers had their communications compromised during the hacking campaign.
- systemweakness.com: What we learned from salt typhoon telecoms operation
- Cord Cutters News: AT&T & Verizon Confirm Security Breach, But Assure Customers That The Networks Are Now Secure
- CyberInsider: CyberInsider article on AT&T and Verizon declaring networks secure after Salt Typhoon attacks.
- CNET: CNet article on AT&T and Verizon declaring their networks secure amid Salt Typhoon cyberattack.
- Latest from TechRadar: TechRadar article on AT&T and Verizon saying they're free of Salt Typhoon hacks at last.
- The Register: More telcos confirm Salt Typhoon breaches as White House weighs in. The intrusions allowed Beijing to 'geolocate millions of individuals'. AT&T, Verizon, and Lumen Technologies confirmed that Chinese government-backed snoops accessed portions of their systems earlier this year, while the White House added another, yet-unnamed telecommunications company to the list of those bre…
- go.theregister.com: More telcos confirm Salt Typhoon breaches as White House weighs in
- Hacker News: More telcos confirm Salt Typhoon breaches as White House weighs in
- www.theregister.com: More telcos confirm Salt Typhoon breaches as White House weighs in
- malware.news: Another US telco breached by Salt Typhoon as AT&T, Verizon acknowledge compromise
- The Register - Security: More telcos confirm Salt Typhoon breaches as White House weighs in
- Strypey: "This week the FBI, the US Cybersecurity and Infrastructure Security Agency (CISA) and partner agencies in New Zealand, Australia and Canada began advocating for the use of end-to-end encrypted (E2EE) communications. The move is in reaction to law enforcement backdoors in the public telephone network - including AT&T, Verizon and T-Mobile - being hijacked by Salt Typhoon, a cyberattack group believed to be operated by the Chinese government."
- www.scworld.com: Another US telco breached by Salt Typhoon as AT&T, Verizon acknowledge compromise
- ciso2ciso.com: More telcos confirm Salt Typhoon breaches as White House weighs in – Source: go.theregister.com
- techcrunch.com: US telco Lumen says its network is now clear of China’s Salt Typhoon hackers
- Pyrzout :vm:: More telcos confirm Salt Typhoon breaches as White House weighs in – Source: go.theregister.com
@cyberscoop.com
//
The Chinese nation-state hacking group Salt Typhoon, despite facing US sanctions, continues to actively target telecommunications providers. Between December 2024 and January 2025, Recorded Future observed Salt Typhoon breaching five telecom firms, including a US-based affiliate of a UK telecom provider, a US internet service provider, and companies in Italy, South Africa, and Thailand. The group also performed reconnaissance on a Myanmar-based telecom provider.
Salt Typhoon exploited vulnerabilities in Cisco IOS XE software, specifically CVE-2023-20198 and CVE-2023-20273, to compromise unpatched Cisco devices. They attempted to compromise over 1,000 Cisco routers globally, focusing on those within telecom networks. Additionally, Salt Typhoon targeted universities, including the University of California and Utah Tech, potentially seeking access to research related to telecommunications and engineering.
Recommended read:
References:
- cyberscoop.com: Salt Typhoon remains active, hits more telecom networks via Cisco routers
- The Register - Security: More victims of China's Salt Typhoon crew emerge: Telcos just now hit via Cisco bugs
- Carly Page: The China-backed Salt Typhoon group is still hacking telecommunications providers, despite government sanctions. Recorded Future says Salt Typhoon breached five firms between December and January, including a US affiliate of a prominent UK provider and a US-based ISP
- techcrunch.com: The China-backed Salt Typhoon group is still hacking telecommunications providers, despite government sanctions.
- www.wired.com: Wired's coverage of Salt Typhoon's ongoing hacking activities.
- Threats | CyberScoop: Salt Typhoon remains active, hits more telecom networks via Cisco routers
- cyberinsider.com: Chinese Hackers Breach Cisco Devices in Global Telecom Attacks
- securebulletin.com: RedMike (Salt Typhoon) continues global Telecom attacks
- CyberInsider: Chinese Hackers Breach Cisco Devices in Global Telecom Attacks
- Secure Bulletin: Report on RedMike's continued attacks on telecom providers.
- Talkback Resources: Salt Typhoon Targeting Old Cisco Vulnerabilities in Fresh Telecom Hacks [exp] [net]
- Talkback Resources: Chinese state-sponsored APT group Salt Typhoon targets telecommunications providers and universities by exploiting Cisco vulnerabilities, creating privileged accounts, bypassing firewalls, and exfiltrating data using GRE tunnels, prompting organizations to patch devices, enforce access controls, and monitor for unauthorized changes.
- Talkback Resources: Salt Typhoon Targeting Old Cisco Vulnerabilities in Fresh Telecom Hacks
- PCMag UK security: China's Salt Typhoon Spies Are Still Eavesdropping on Global Networks
- ciso2ciso.com: Salt Typhoon Targeting Old Cisco Vulnerabilities in Fresh Telecom Hacks
- ciso2ciso.com: Salt Typhoon Targeting Old Cisco Vulnerabilities in Fresh Telecom Hacks – Source: www.securityweek.com
- securityaffairs.com: China-linked APT Salt Typhoon breached telecoms by exploiting Cisco router flaws
- BleepingComputer: China's Salt Typhoon hackers are still actively targeting telecoms worldwide and have breached more U.S. telecommunications providers via unpatched Cisco IOS XE network devices.
- industrialcyber.co: Insikt Group details RedMike cyber espionage campaign on telecom providers using Cisco vulnerabilities
- securityonline.info: Cybersecurity researchers at Insikt Group have identified an ongoing cyber espionage campaign by RedMike (also tracked as Salt Typhoon).
- Industrial Cyber: Insikt Group details RedMike cyber espionage campaign on telecom providers using Cisco vulnerabilities
- SecureWorld News: Salt Typhoon Expands Espionage Campaign, Targets Cisco Routers
- Cisco Talos Blog: Weathering the storm: In the midst of a Typhoon
- cyberscoop.com: Cisco Talos observed the campaign targeting major U.S. telecommunication companies and observed the attackers primarily used legitimate login credentials to gain initial access, making detection and prevention difficult.
- cyberscoop.com: Salt Typhoon gained initial access to telecoms through Cisco devices
- securityaffairs.com: Salt Typhoon used custom malware JumbledPath to spy U.S. telecom providers
Pierluigi Paganini@securityaffairs.com
//
A new ransomware group named Arkana Security is claiming responsibility for breaching WideOpenWest (WOW!), one of the largest U.S. cable and broadband providers. The nascent gang's breach purportedly compromised over 403,000 WOW! user accounts, pilfering data including full names, usernames, salted passwords, email addresses, login histories, and security questions and answers.
The attackers boast of full backend control and have even created a music video montage to demonstrate their level of access. Additionally, they claim to have exfiltrated a separate CSV file with 2.2 million records, including names, addresses, phone numbers, and devices. While WOW! has yet to acknowledge Arkana Security's claims, threat researchers traced the attack's origins to an infostealer infection in September last year that enabled access to WOW!'s critical systems.
Recommended read:
References:
- Cyber Security News: The largest US internet provider, WideOpenWest (WOW!), is allegedly compromised by Arkana Security, a recently discovered ransomware group.
- securityaffairs.com: Arkana Security, a new ransomware group, claims to have breached the telecommunications provider WideOpenWest (WOW!), stealing customer data.
- www.scworld.com: WideOpenWest purportedly breached by nascent ransomware gang
- CyberInsider: Arkana ransomware group has claimed responsibility for breaching WideOpenWest (WOW!), one of the largest U.S. cable and broadband providers.
- BleepingComputer: The new ransomware group Arkana Security claims to have hacked US telecom provider WOW!, stealing customer data.
- Information Security Buzz: A new ransomware gang, Arkana Security, is claiming responsibility for an enormous breach at WideOpenWest (WoW), one of the largest cable operators and ISPs in the US. The malicious actors boasted they had full backend control and even put a music video montage together to illustrate exactly how much access they had.
- DataBreaches.Net: A cyber-crime ring calling itself Arkana has made a cringe music video to boast of an alleged theft of subscriber account data from Colorado-based cableco WideOpenWest (literally, WOW!)
- PCMag UK security: Hacking group Arkana Security gives WideOpenWest (WOW!) until 5 p.m. PST today to pay a ransom, or it will sell customer data to the highest bidder. WOW! says it's investigating.
drewt@secureworldexpo.com (Drew Todd)@SecureWorld News
//
The Chinese state-sponsored hacking group Salt Typhoon is expanding its espionage campaign, targeting U.S. telecommunication providers and other networks globally. The group, active since at least 2019, has been breaching major companies like AT&T, Verizon, and Lumen Technologies. Between December 2024 and January 2025, Salt Typhoon compromised additional telecom networks across the globe. The attacks involve a custom utility called JumbledPath, used to stealthily monitor network traffic and potentially capture sensitive data.
Salt Typhoon gains initial access through stolen credentials and by exploiting vulnerabilities in Cisco routers. Specifically, they target internet-exposed Cisco network routers, leveraging CVE-2023-20198 and CVE-2023-20273 to escalate privileges and gain root access. Once inside, they extract credentials by intercepting authentication traffic, modify network configurations, and create hidden accounts to maintain persistent access. The group's objectives include intercepting sensitive communications, tracking political activists, and stealing research from academic institutions.
Recommended read:
References:
- bsky.app: The Chinese state-sponsored Salt Typhoon hacking group uses a custom utility called JumbledPath to stealthily monitor network traffic and potentially capture sensitive data in cyberattacks on U.S. telecommunication providers.
- BleepingComputer: The Chinese state-sponsored Salt Typhoon hacking group uses a custom utility called JumbledPath to stealthily monitor network traffic and potentially capture sensitive data in cyberattacks on U.S. telecommunication providers.
- securityaffairs.com: Salt Typhoon used custom malware JumbledPath to spy U.S. telecom providers
- www.bleepingcomputer.com: The Chinese state-sponsored hacking group uses a custom utility called JumbledPath to stealthily monitor network traffic and potentially capture sensitive data in cyberattacks on U.S. telecommunication providers.
- Anonymous: The Chinese state-sponsored hacking group uses a custom utility called JumbledPath to stealthily monitor network traffic and potentially capture sensitive data in cyberattacks on U.S. telecommunication providers.
- Carly Page: The Chinese state-sponsored hacking group uses a custom utility called JumbledPath to stealthily monitor network traffic and potentially capture sensitive data in cyberattacks on U.S. telecommunication providers.
- Blog: New Details: Salt Typhoon Used Leaked Creds in Telecom Attack
- SecureWorld News: Chinese cyber espionage group Salt Typhoon has made headlines in the last year, breaching major telecommunications companies, including AT&T, Verizon, and Lumen Technologies.
- cyberscoop.com: Salt Typhoon gained initial access to telecoms through Cisco devices
- www.bleepingcomputer.com: Chinese hackers breach more U.S. telecoms via unpatched Cisco routers
- gbhackers.com: Gbhackers news on Salt Typhoon Hackers Exploit Cisco Vulnerability
- www.the420.in: The 420 news on Chinese Hackers Target US Telecom Giants
@www.bleepingcomputer.com
//
Chinese APT groups are actively targeting U.S. telecom providers and European healthcare organizations using sophisticated cyberattacks. The attacks involve custom malware, such as JumbledPath used by Salt Typhoon to spy on U.S. telecom networks, and the exploitation of vulnerabilities like the Check Point flaw (CVE-2024-24919). These campaigns are characterized by the deployment of advanced tools like ShadowPad and NailaoLocker ransomware, indicating a blend of espionage and financially motivated cybercrime.
These threat actors gain initial access through exploited vulnerabilities, then move laterally within the networks using techniques like RDP to obtain elevated privileges. The attackers then deploy ShadowPad and PlugX, before deploying the NailaoLocker ransomware in the final stages, encrypting files and demanding Bitcoin payments. These findings highlight the evolving tactics of Chinese APT groups and the challenges in attributing these attacks, given the blurring lines between state-sponsored espionage and financially driven operations.
Recommended read:
References:
- securityaffairs.com: Salt Typhoon used custom malware JumbledPath to spy U.S. telecom providers
- The Hacker News: Chinese-Linked Attackers Exploit Check Point Flaw to Deploy ShadowPad and Ransomware
- www.bleepingcomputer.com: Salt Typhoon uses JumbledPath malware to spy on US telecom networks