Salt Typhoon Hackers Exploit Cisco Vulnerability To Gain Access To U.S. Telecom Networks

Cisco Talos has uncovered a sophisticated cyberespionage campaign by the state-aligned “Salt Typhoon” group targeting U.S. telecommunications infrastructure since late 2024. The attackers maintained persistent access for over three years in some networks, employing advanced living-off-the-land (LOTL) techniques across multi-vendor environments. The campaign leverages stolen credentials and network device misconfigurations to pivot between telecom operators’ systems. While credential theft remains their primary entry method, researchers confirmed exploitation of Cisco’s CVE-2018-0171 Smart Install Remote Code Execution vulnerability in at least one breach. Despite partial success exploiting CVE-2018-0171, most intrusions relied on unpatched legacy systems and credential mismanagement rather than zero-day vulnerabilities.

Attackers exfiltrated configurations containing weakly encrypted SNMP community strings and local account credentials, enabling lateral movement through GRE tunnels and modified loopback interfaces. Cisco’s forensic teams observed password decryption attacks against weak Type 4/5 hashes, emphasizing the need for Type 8 (PBKDF2-SHA-512) encryption. Cisco’s analysis revealed strategic use of network appliances as stealthy hop points for data exfiltration, with some intrusions targeting secondary telecoms solely to reach primary objectives. The group’s custom JumbledPath tool, a Golang-based ELF binary, creates encrypted packet capture chains through compromised Cisco Nexus devices’ Guest Shell environments.

Mitigation requires immediate patching of CVE-2018-0171 and related vulnerabilities (CVE-2023-20198, CVE-2024-20399), alongside radical hardening of TACACS+/RADIUS implementations. Cisco stresses disabling non-essential services (Smart Install, Guest Shell) and enforcing NETCONF/RESTCONF encryption as critical safeguards against future LOTL-based attacks.
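A defender-side check that follows from the hardening points above, added here as an illustration and not taken from the Cisco Talos report or from cybersecuritynews.com: a small Python auditor that reads a Cisco IOS/IOS-XE running-config and flags the exact conditions the report associates with this campaign (Smart Install left enabled, IOx/Guest Shell prerequisites on, the web UI exposed, reversible or weak credential types instead of type 8/9, community strings stored in the config, and GRE tunnels or loopbacks that should be verified against the intended design). The sample config, hostnames and credential values are constructed placeholders; the command syntax (vstack, iox, ip http server, snmp-server community, password/secret type numbers) is standard IOS syntax, and the finding codes and severities are this example's own choices.

```python
import re
from collections import Counter

# Constructed sample Cisco IOS/IOS-XE running-config excerpt (not from any real device).
# It is seeded with the weaknesses described in the Talos report plus one correctly
# hardened type-8 credential, so the auditor has something to pass as well as fail.
SAMPLE_CONFIG = """\
hostname edge-rtr-1
!
vstack
iox
ip http server
ip http secure-server
!
enable secret 5 $1$SALT$PLACEHOLDER_MD5_HASH
username admin privilege 15 password 7 PLACEHOLDER_TYPE7
username ops secret 4 PLACEHOLDER_TYPE4_HASH
username netops secret 8 $8$PLACEHOLDER_SALT$PLACEHOLDER_PBKDF2
!
snmp-server community public RO
snmp-server community s3cret RW
!
interface Loopback99
 ip address 10.255.255.1 255.255.255.255
!
interface Tunnel7
 ip address 172.16.99.1 255.255.255.252
 tunnel source Loopback99
 tunnel destination 203.0.113.40
 tunnel mode gre ip
"""

# Credential lines: "enable secret 5 <hash>", "username X [privilege N] password 7 <str>".
# A missing type digit means type 0 (cleartext).
CRED_RE = re.compile(
    r"^(?P<who>enable|username \S+)(?: privilege \d+)? (?P<kw>password|secret)"
    r"(?: (?P<type>\d+))? (?P<value>\S+)$"
)
SNMP_RE = re.compile(r"^snmp-server community (?P<name>\S+)(?: (?P<mode>RO|RW))?")
IFACE_RE = re.compile(r"^interface (?P<name>\S+)")

# Cisco credential type numbers the report calls weak, and how to treat them.
# Types 8 and 9 (key-derivation based) are the ones to migrate to and are not flagged.
CRED_TYPES = {
    "0": ("REVERSIBLE_SECRET", "high", "stored in cleartext"),
    "7": ("REVERSIBLE_SECRET", "high", "type 7 is trivially reversible obfuscation"),
    "4": ("WEAK_HASH", "high", "type 4 (deprecated unsalted SHA-256)"),
    "5": ("WEAK_HASH", "medium", "type 5 (salted MD5) is crackable offline"),
}


def audit_ios_config(config_text):
    """Return a list of findings (one dict per flagged config line)."""
    findings = []
    current_iface = None
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        stripped = raw.strip()

        def flag(code, severity, detail):
            findings.append({"code": code, "severity": severity,
                             "line": lineno, "text": stripped, "detail": detail})

        if not raw.startswith(" "):  # a global-mode line ends any interface block
            current_iface = None

        if stripped == "vstack":
            flag("SMART_INSTALL_ENABLED", "high",
                 "Smart Install client is on (CVE-2018-0171 exposure); disable with 'no vstack'")
        elif stripped == "iox":
            flag("IOX_ENABLED", "medium",
                 "IOx is enabled (prerequisite for Guest Shell); disable if not required")
        elif stripped in ("ip http server", "ip http secure-server"):
            flag("WEB_UI_ENABLED", "high",
                 "IOS XE web UI reachable (CVE-2023-20198 attack surface); disable if unused")
        elif (m := CRED_RE.match(stripped)):
            ctype = m.group("type") or "0"
            if ctype in CRED_TYPES:
                code, sev, why = CRED_TYPES[ctype]
                flag(code, sev, f"{m.group('who')}: {why}; re-enter as type 8 or 9")
        elif (m := SNMP_RE.match(stripped)):
            mode = m.group("mode") or "RO"
            flag("SNMP_COMMUNITY", "high" if mode == "RW" else "medium",
                 f"community '{m.group('name')}' ({mode}) stored in config; prefer SNMPv3")
        elif (m := IFACE_RE.match(stripped)):
            current_iface = m.group("name")
            if current_iface.lower().startswith("loopback"):
                flag("LOOPBACK_INTERFACE", "info",
                     f"{current_iface}: verify against the intended design")
        elif current_iface and stripped.startswith("tunnel mode gre"):
            flag("TUNNEL_INTERFACE", "medium",
                 f"{current_iface}: GRE tunnel present; confirm it is operator-intended")
    return findings


def summarize(findings):
    """Count findings by code and by severity for a quick triage view."""
    return {"by_code": dict(Counter(f["code"] for f in findings)),
            "by_severity": dict(Counter(f["severity"] for f in findings))}


if __name__ == "__main__":
    results = audit_ios_config(SAMPLE_CONFIG)
    for f in results:
        print(f"[{f['severity']:<6}] line {f['line']:>2} {f['code']}: {f['detail']}")
    print(summarize(results))
```

Run against a real `show running-config` export, the auditor is meant as a first pass over a fleet rather than a substitute for Cisco's own hardening guidance: every `WEAK_HASH` or `REVERSIBLE_SECRET` line is a credential the report says was recovered from exfiltrated configs, and any `TUNNEL_INTERFACE` the operator cannot account for deserves the same scrutiny the report gives to attacker-created GRE tunnels.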

This Cyber News was published on cybersecuritynews.com. Publication date: Sat, 22 Feb 2025 05:00:17 +0000


Cyber News related to Salt Typhoon Hackers Exploit Cisco Vulnerability To Gain Access To U.S. Telecom Networks

Chinese hackers use custom malware to spy on US telecom networks - A primary component of the Salt Typhoon attacks was monitoring network activity and stealing data using packet-capturing tools like Tcpdump, Tpacap, Embedded Packet Capture, and a custom tool called JumbledPath. JumbledPath allowed Salt Typhoon ...
1 month ago Bleepingcomputer.com
CISA: Volt Typhoon had access to some U.S. targets for 5 years - U.S. government agencies issued another warning about the significant threat posed by a Chinese nation-state threat group to critical infrastructures, revealing attackers might have been lurking in victims' IT environments for several years. Last ...
1 year ago Techtarget.com CVE-2023-27997 Volt Typhoon
Volt Typhoon Ramps Up Malicious Activity Against Critical Infrastructure - China-backed cyber espionage group Volt Typhoon is systematically targeting legacy Cisco devices in a sophisticated and stealthy campaign to grow its attack infrastructure. In many instances, the threat actor, known for targeting critical ...
1 year ago Darkreading.com Volt Typhoon
Chinese hackers breach more US telecoms via unpatched Cisco routers - Insikt Group advises network admins operating Internet-exposed Cisco IOS XE network devices to apply available security patches as soon as possible and avoid exposing administration interfaces or non-essential services directly to the Internet. These ...
1 month ago Bleepingcomputer.com CVE-2023-20198 CVE-2023-20273
100+ Malicious IPs Actively Exploiting Vulnerabilities in Cisco Devices - The Cybersecurity and Infrastructure Security Agency (CISA) has released guidance for addressing the Cisco IOS XE Web UI vulnerabilities, noting that CVE-2023-20198 is a privilege escalation vulnerability in the web UI feature of Cisco’s IOS XE ...
1 month ago Cybersecuritynews.com CVE-2023-20198 CVE-2018-0171
Salt Typhoon Hackers Exploited 1000+ Cisco Devices to Gain Admin Access - The campaign highlights the ongoing vulnerability of critical infrastructure and the strategic intelligence threats posed by state-backed cyber actors. Salt Typhoon’s exploitation of Cisco devices exemplifies the growing trend of targeting ...
2 months ago Cybersecuritynews.com
China-Linked Volt Typhoon Hackers Possibly Targeting Australian, UK Governments - Chinese state-sponsored hackers are targeting old vulnerabilities in Cisco routers in new attacks apparently aimed at government entities in the US, UK, and Australia, cybersecurity firm SecurityScorecard reports. As part of the observed attacks, the ...
1 year ago Securityweek.com CVE-2019-1653 CVE-2019-1652 Volt Typhoon
Salt Security Delivers API Posture Governance Engine - PRESS RELEASE. PALO ALTO, Calif., Jan. 17, 2024 /PRNewswire/ - Salt Security, the leading API security company, today announced multiple advancements in discovery, posture management and AI-based threat protection to the industry leading Salt ...
1 year ago Darkreading.com
China-Sponsored Hackers Lie in Wait to Attack US Infrastructure - In a stark warning this week, the Cybersecurity and Infrastructure Security Agency, FBI, and National Security Agency said that Volt Typhoon has compromised the IT environments of multiple critical infrastructure organizations in such sectors as ...
1 year ago Securityboulevard.com BlackTech Volt Typhoon
HackersEra Launches Telecom Penetration Testing to Eliminate Cyber Threats - Cybercriminals have attacked telecom infrastructure, particularly as it shifts to an IP-based design with the introduction of Long-Term Evolution networks, also referred to as LTE or 4G. Persistent attackers could spy on users' cellular networks and ...
1 year ago Cysecurity.news Inception
Silk Typhoon hackers now target IT supply chains to breach networks - Microsoft warns that Chinese cyber-espionage threat group 'Silk Typhoon' has shifted its tactics, now targeting remote management tools and cloud services in supply chain attacks that give them access to downstream customers. Microsoft reports that ...
1 month ago Bleepingcomputer.com CVE-2024-3400
Chinese hackers hid in US infrastructure network for 5 years - The Chinese Volt Typhoon cyber-espionage group infiltrated a critical infrastructure network in the United States and remained undetected for at least five years before being discovered, according to a joint advisory from CISA, the NSA, the FBI, and ...
1 year ago Bleepingcomputer.com Volt Typhoon
Stealthy KV-botnet hijacks SOHO routers and VPN devices - The Chinese state-sponsored APT hacking group known as Volt Typhoon has been linked to a sophisticated botnet named 'KV-botnet' since at least 2022 to attack SOHO routers in high-value targets. Volt Typhoon commonly targets routers, firewalls, and ...
1 year ago Bleepingcomputer.com Volt Typhoon
Palo Alto Networks and IBM to Jointly Provide AI-Powered Security Offerings - PRESS RELEASE. SANTA CLARA, Calif. and ARMONK, N.Y., May 15, 2024 /PRNewswire/ - Palo Alto Networks, the global cybersecurity leader, and IBM, a leading provider of hybrid cloud and AI, today announced a broad-reaching partnership to deliver ...
10 months ago Darkreading.com
Volt Typhoon Hits Multiple Electric Utilities, Expands Cyber Activity - The portion of China's Volt Typhoon advanced persistent threat that focuses on infiltrating operational technology networks in critical infrastructure has already performed reconnaissance and enumeration of multiple US-based electric companies, while ...
1 year ago Darkreading.com Volt Typhoon
Salt Typhoon Hackers Exploit Cisco Vulnerability To Gain Access To U.S. Telecom Networks - Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. While credential theft remains their primary entry method, researchers confirmed exploitation of Cisco’s CVE-2018-0171 Smart ...
1 month ago Cybersecuritynews.com CVE-2018-0171 CVE-2023-20198 CVE-2024-20399
Solaris SE partners with Salt Security - Salt Security, the leading API security company, today announced that Solaris SE, Europe's leading embedded finance platform, has deployed Salt Security's API Security Platform to secure the company's expanding API ecosystem. Solaris' technology ...
10 months ago Itsecurityguru.org
Chinese Volt Typhoon Hackers Exploiting Cisco & NetGear Routers To Compromise Organizations - Security researchers have identified Volt Typhoon deploying sophisticated techniques to compromise outdated Cisco RV320/325 and NetGear ProSafe routers, converting them into covert relay nodes for command-and-control operations. The Chinese ...
3 weeks ago Cybersecuritynews.com CVE-2024-39717 Volt Typhoon
Telecom Giant NTT Admits Hackers Accessed 18,000 Corporate Customers Data - NTT Com’s security team isolated both systems within hours of detection, but the delayed identification of the second breach suggests potential gaps in network segmentation (NIST SP 800-53 AC-4) and real-time anomaly detection. The telecom sector ...
1 month ago Cybersecuritynews.com CVE-2023-46805
The NSA Seems Pretty Stressed About the Threat of Chinese Hackers in US Critical Infrastructure - The United States National Security Agency is often tight-lipped about its work and intelligence. At the Cyberwarcon security conference in Washington DC on Thursday, two members of the agency's Cybersecurity Collaboration Center had a "Call to ...
1 year ago Wired.com Volt Typhoon
Feds Confirm Remote Killing of Volt Typhoon's SOHO Botnet - US law enforcement has disrupted the infrastructure of the notorious China-sponsored cyberattack group known as Volt Typhoon. The state-backed group uses it as a launchpad for other attacks, particularly on US critical infrastructure, because the ...
1 year ago Darkreading.com Volt Typhoon
Cisco Adds New Security and AI Capabilities in Next Step Toward Cisco Networking Cloud Vision - PRESS RELEASE. AMSTERDAM, Feb. 6, 2024 /PRNewswire/ - CISCO LIVE EMEA - Cisco, the leader in networking and security, today introduced new capabilities and technologies across its networking portfolio that are designed to drive a more unified and ...
1 year ago Darkreading.com
Building Data Center Infrastructure for the AI Revolution - This is part two of a multi-part blog series on AI. Part one, Why 2024 is the Year of AI for Networking, discussed Cisco's AI networking vision and strategy. This blog will focus on evolving data center network infrastructure for supporting AI/ML ...
1 year ago Feedpress.me
Chinese Threat Actors Concealed in US Infrastructure Networks - According to a joint alert from CISA, the NSA, the FBI, and partner Five Eyes organizations, the Chinese cyberespionage group Volt Typhoon entered a critical infrastructure network in the United States and remained undiscovered for at least five ...
1 year ago Heimdalsecurity.com Volt Typhoon
5 Tips for Pi Day Savings at the Cisco Learning Network Store - Save 25% on select training products from the Cisco Learning Network Store for 24 hours only. Two new multicloud training courses are now available in the Cisco Learning Network Store-and they're included in the Pi Day Sale. If you are an active ...
1 year ago Feedpress.me
