Canada says Salt Storm hacked telecom agency by way of Cisco flaw


The Canadian Centre for Cyber Safety and the FBI confirm that the Chinese state-sponsored ‘Salt Storm’ hacking group is targeting Canadian telecommunication companies, having breached a telecom provider in February.

During the February 2025 incident, Salt Storm exploited CVE-2023-20198, a critical Cisco IOS XE vulnerability that allows remote, unauthenticated attackers to create arbitrary accounts and gain admin-level privileges.

The flaw was first disclosed in October 2023, when it was reported that threat actors had exploited it as a zero-day to hack over 10,000 devices.

Despite the significant time that had passed, at least one major telecommunications provider in Canada still hadn’t patched, giving Salt Storm an easy way to compromise devices.

“Three community units registered to a Canadian telecommunications firm had been compromised by possible Salt Storm actors in mid-February 2025,” reads the bulletin.

“The actors exploited CVE-2023-20198 to retrieve the working configuration information from all three units and modified no less than one of many information to configure a GRE tunnel, enabling site visitors assortment from the community.”
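The two changes described above, new admin-level accounts and an added GRE tunnel, both leave traces in the device's running configuration. The following is an added example, not code from the bulletin or from Cisco: it audits an IOS XE running-config against allow-lists, and the function name, allow-lists, and sample config are constructed for illustration.

```python
import re

# Constructed sample: excerpt of an IOS XE running-config (not from the bulletin).
SAMPLE_CONFIG = """\
hostname edge-rtr-01
!
username netops privilege 15 secret 9 $9$constructed
username svc_backup privilege 15 secret 9 $9$constructed
username readonly privilege 1 secret 9 $9$constructed
!
interface GigabitEthernet0/0/0
 ip address 192.0.2.1 255.255.255.0
!
interface Tunnel0
 description DC interconnect
 ip address 10.0.0.1 255.255.255.252
 tunnel source GigabitEthernet0/0/0
 tunnel destination 198.51.100.10
!
interface Tunnel7
 ip address 10.9.9.1 255.255.255.252
 tunnel source GigabitEthernet0/0/0
 tunnel destination 203.0.113.77
 tunnel mode gre ip
!
"""

def audit_config(config, approved_admins, approved_tunnel_dests):
    """Return (unexpected privilege-15 users, unexpected GRE tunnels)."""
    admins = re.findall(r"^username (\S+) privilege 15\b", config, re.M)
    bad_admins = [u for u in admins if u not in approved_admins]
    bad_tunnels = []
    # Split into top-level stanzas: a stanza starts at a non-indented line.
    for stanza in re.split(r"\n(?=\S)", config):
        head = re.match(r"interface (Tunnel\d+)", stanza)
        if not head:
            continue
        mode = re.search(r"^ tunnel mode (.+)$", stanza, re.M)
        # IOS tunnels default to GRE/IP when no "tunnel mode" line is present.
        if mode and not mode.group(1).startswith("gre"):
            continue
        dest = re.search(r"^ tunnel destination (\S+)", stanza, re.M)
        dest = dest.group(1) if dest else None
        if dest not in approved_tunnel_dests:
            bad_tunnels.append((head.group(1), dest))
    return bad_admins, bad_tunnels
```

Run it against configuration backups pulled out-of-band and compare results over time; an account or tunnel that appears between two backups without a change ticket is the signal to investigate.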

In October 2024, following Salt Storm breaches of multiple American broadband providers, the Canadian government flagged reconnaissance activity that targeted dozens of key organizations in the country.

No actual breaches were confirmed at the time, and despite the calls to raise security, some critical service providers did not take the required action.

The Cyber Centre notes that, based on separate investigations and crowd-sourced intelligence, activity likely tied to Salt Storm extends beyond the telecommunications sector, targeting multiple other industries.

In many cases, the activity is limited to reconnaissance, though the data stolen from internal networks can be used for lateral movement or supply chain attacks.

The Cyber Centre warned that the attacks against Canadian organizations “will virtually definitely proceed” over the next two years, urging critical organizations to protect their networks.

Telecommunication service providers, which handle valuable data such as call metadata, subscriber location data, SMS contents, and government/political communications, are prime targets for state-sponsored espionage groups.

Their attacks typically target edge devices at the network perimeter (routers, firewalls, and VPN appliances), while MSPs and cloud vendors are also targeted for indirect attacks on their customers.

The Cyber Centre’s bulletin lists resources providing edge device hardening instructions for critical infrastructure operators.

Salt Storm attacks have impacted multiple telecom companies in dozens of countries, including AT&T, Verizon, Lumen, Constitution Communications, Consolidated Communications, and Windstream.

Last week, Viasat also confirmed that Salt Storm had breached them, but customer data was not impacted.
