Salt Typhoon Targeting Old Cisco Vulnerabilities in Fresh Telecom Hacks

Summary: The Chinese state-sponsored APT actor Salt Typhoon has been exploiting vulnerabilities in Cisco devices in targeted attacks against telecommunications providers and universities globally. Despite prior sanctions and disclosures, the group has continued its activities, particularly utilizing two critical vulnerabilities, CVE-2023-20198 and CVE-2023-20273, to gain persistent access to networks. Security experts are urging the telecommunications industry to prioritize the remediation of exposed network devices to mitigate risks from such threat actors.

Affected: Telecommunications providers and educational institutions globally

Key points:

  • Salt Typhoon, linked to China’s Ministry of State Security, has targeted numerous telecommunications companies and universities since December 2024.
  • The APT exploited CVE-2023-20198 and CVE-2023-20273 vulnerabilities in Cisco’s IOS XE platform, leading to over 1,000 attempted exploits on vulnerable devices.
  • Organizations are advised to implement access controls, disable unnecessary web UI exposures, and monitor for unauthorized changes to safeguard their systems.
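One way to check the last key point against exported IOS XE running-configs, as an added example that is not part of the original article: it flags a web UI enabled without an `ip http access-class` restriction and lists privilege 15 local accounts missing from an approved list. The function name `audit_config`, the account names, the ACL name and both config excerpts are constructed for illustration, and treating unapproved privilege 15 accounts as the "unauthorized change" to watch for is an assumption of this example.

```python
import re

# Constructed sample running-config excerpts (not from any real device).
EXPOSED = """\
hostname edge-rtr-01
username netops privilege 15 secret 9 $9$constructed
username tmpuser1 privilege 15 secret 9 $9$constructed
ip http server
ip http secure-server
"""
HARDENED = """\
hostname edge-rtr-02
username netops privilege 15 secret 9 $9$constructed
no ip http server
ip http secure-server
ip http access-class ipv4 MGMT-ONLY
"""


def audit_config(text, approved_admins):
    """Return a sorted list of findings for one IOS XE running-config."""
    lines = [line.strip() for line in text.splitlines()]
    findings = []
    # The web UI is on when either HTTP server command appears without "no".
    web_ui = [l for l in lines if l in ("ip http server", "ip http secure-server")]
    # An access-class line ties the HTTP(S) server to a management ACL.
    restricted = any(l.startswith("ip http access-class") for l in lines)
    if web_ui and not restricted:
        findings.append("web UI enabled without ip http access-class")
    # Level 15 local accounts outside the approved list need review.
    for l in lines:
        m = re.match(r"username (\S+) privilege 15\b", l)
        if m and m.group(1) not in approved_admins:
            findings.append(f"unapproved privilege 15 user: {m.group(1)}")
    return sorted(findings)


if __name__ == "__main__":
    for name, cfg in (("EXPOSED", EXPOSED), ("HARDENED", HARDENED)):
        print(name, audit_config(cfg, {"netops"}))
```

Running it on a schedule against config backups and alerting on any new finding gives a simple change-monitoring baseline.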

Source: https://www.securityweek.com/salt-typhoon-targeting-old-cisco-vulnerabilities-in-fresh-telecom-hacks/