Hackers suspected of working on behalf of the Chinese government exploited a maximum-severity vulnerability, which had received a patch 16 months earlier, to compromise a telecommunications provider in Canada, officials from that country and the US said Monday.
“The Cyber Centre is aware of malicious cyber activities currently targeting Canadian telecommunications companies,” officials for the center, the Canadian government’s primary cybersecurity agency, said in a statement. “The responsible actors are almost certainly PRC state-sponsored actors, specifically Salt Typhoon.” The FBI issued its own nearly identical statement.
A major security lapse
Salt Typhoon is the name researchers and government officials use to track one of several discreet groups known to hack nations all over the world on behalf of the People’s Republic of China. In October 2023, researchers disclosed that hackers had backdoored more than 10,000 Cisco devices by exploiting CVE-2023-20198, a vulnerability with a maximum severity rating of 10.
Any switch, router, or wireless LAN controller running Cisco’s iOS XE that had the HTTP or HTTPS server feature enabled and exposed to the Internet was vulnerable. Cisco released a security patch about a week after security firm VulnCheck published its report.
Salt Typhoon has been linked to hacks last year that compromised multiple US-based telecom companies, including Verizon and AT&T. The Wall Street Journal, citing unnamed officials, said the hackers likely used their monthslong covert access to monitor wiretap systems the companies employ on behalf of governmental agencies. Salt Typhoon members also had access to other types of Internet traffic, the WSJ reported.
