Summary: Salt Typhoon, a sophisticated Chinese APT, has recently compromised over a thousand Cisco devices across various telecommunications organizations and universities globally, exploiting critical vulnerabilities. The campaign spans continents and is aimed primarily at gaining access to sensitive networks for espionage or potential disruption, underscoring the ongoing danger posed by advanced persistent threats. While primarily affecting telecommunications, the campaign also targeted academic institutions conducting significant research in related fields.
Affected: Telecommunications companies, ISPs, and universities worldwide
Key points:
- Salt Typhoon has targeted major U.S. telecommunications providers, eavesdropping on sensitive communications.
- Two critical vulnerabilities in Cisco’s IOS XE, CVE-2023-20198 and CVE-2023-20273, were exploited to gain unauthorized access and control over devices.
- The attack campaign affected organizations in more than 100 countries, with a significant number of compromises in South America, India, and the U.S.
- Thirteen universities, including UCLA, were among the victims, highlighting the widespread risk to academic research networks.
- Salt Typhoon’s actions raise concerns about the potential use of compromised networks for espionage or disruptive operations in geopolitical conflicts.