Salt Typhoon hackers breach telecommunications firms despite us sanctions

Security researchers are alerting the telecommunications industry about the ongoing activities of the Chinese government-linked hacking group known as Salt Typhoon. This group is reportedly infiltrating telecom firms despite extensive sanctions imposed by the U.S. government. A recent report from the threat intelligence firm Recorded Future highlights that between December 2024 and January 2025, Salt Typhoon breached at least five telecommunications providers.

The group’s activity made headlines last September when it was discovered they had penetrated major U.S. companies like AT&T and Verizon. This intrusion allowed access to the private communications of senior U.S. government officials and other influential political figures. Alarmingly, they also hacked systems used by law enforcement for court-authorized data collection, potentially gaining sensitive information about individuals under U.S. surveillance, particularly those linked to China.

Recorded Future has chosen not to disclose the names of the latest victims but confirmed they include a U.S. affiliate of a major U.K. telecommunications provider, an American internet service provider, and several telecommunications firms located in Italy, South Africa, and Thailand. The group conducted reconnaissance on various infrastructure assets operated by Myanmar’s Mytel, suggesting a methodical approach to targeting their next moves.

To facilitate their hacking efforts, Salt Typhoon exploited two significant vulnerabilities in Cisco devices, identified as CVE-20232-0198 and CVE-2023-20273. Over 1,000 Cisco devices worldwide were attacked, with a particular focus on those associated with telecommunications networks. This points to Salt Typhoon’s strategic priority of undermining telecom infrastructure essential for national security.

Moreover, researchers noted that the group also targeted devices connected to academic institutions like the University of California and Utah Tech. This suggests a malicious intent to access critical research linked to telecommunications and technology advancements.

In response to these breaches, the U.S. Treasury Department has sanctioned entities connected with Salt Typhoon. In January, the department specifically targeted Sichuan Juxinhe Network Technology, a cybersecurity firm alleged to have ties to the hacking group. Despite these actions, experts from Recorded Future assert that Salt Typhoon is likely to persist in its efforts against telecommunications firms both in the U.S. and around the globe.

The continued operation of Salt Typhoon serves as a stark reminder of the vulnerabilities present in critical telecommunications infrastructure and the ongoing cyber threats from nation-state actors. As technology and cyber warfare evolve, the imperative for robust security measures becomes ever more critical for organizations in this space. It is essential for the telecommunications sector to remain vigilant and invest in superior security protocols to mitigate the threat posed by sophisticated hacking groups like Salt Typhoon.