The Canadian Centre for Cyber Safety and the FBI affirm that the Chinese language state-sponsored ‘Salt Storm’ hacking group can be concentrating on Canadian telecommunication companies, breaching a telecom supplier in February.
Throughout the February 2025 incident, Salt Storm exploited the CVE-2023-20198 flaw, a important Cisco IOS XE vulnerability permitting distant, unauthenticated attackers to create arbitrary accounts and achieve admin-level privileges.
The flaw was first disclosed in October 2023, when it was reported that risk actors had exploited it as a zero-day to hack over 10,000 gadgets.
Regardless of a big interval having handed, a minimum of one main telecommunications supplier in Canada nonetheless hadn’t patched, giving Salt Storm a simple solution to compromise gadgets.
“Three community gadgets registered to a Canadian telecommunications firm have been compromised by possible Salt Storm actors in mid-February 2025,” reads the bulletin.
“The actors exploited CVE-2023-20198 to retrieve the working configuration information from all three gadgets and modified a minimum of one of many information to configure a GRE tunnel, enabling site visitors assortment from the community.”
In October 2024, following Salt Storm breaches on a number of American broadband suppliers, the Canadian authorities flagged reconnaissance exercise that focused dozens of key organizations within the nation.
No precise breaches have been confirmed on the time, and regardless of the calls to raise safety, some important service suppliers did not take the required motion.
The Cyber Centre notes that, based mostly on separate investigations and crowd-sourced intelligence, exercise possible tied to Salt Storm extends past the telecommunications sector, concentrating on a number of different industries.
In lots of circumstances, the exercise is restricted to reconnaissance, although the information stolen from inner networks can be utilized for lateral motion or provide chain assaults.
The Cyber Centre warned that the assaults towards Canadian organizations “will nearly definitely proceed” over the following two years, urging important organizations to guard their networks.
Telecommunication service suppliers who deal with priceless knowledge, resembling name metadata, subscriber location knowledge, SMS contents, and authorities/political communications, are prime targets for state-sponsored espionage teams.
Their assaults sometimes goal edge gadgets on the community perimeter, routers, firewalls, and VPN home equipment, whereas MSPs and cloud distributors are additionally focused for oblique assaults on their clients.
The Cyber Centre’s bulletin lists assets offering edge gadget hardening directions for important infrastructure operators.
Salt Storm assaults have impacted a number of telecom corporations in dozens of nations, together with AT&T, Verizon, Lumen, Constitution Communications, Consolidated Communications, and Windstream.
Final week, Viasat additionally confirmed that Salt Storm had breached them, however buyer knowledge was not impacted.
Patching used to imply advanced scripts, lengthy hours, and countless fireplace drills. Not anymore.
On this new information, Tines breaks down how fashionable IT orgs are leveling up with automation. Patch quicker, scale back overhead, and concentrate on strategic work — no advanced scripts required.
