The Chinese state-sponsored hacking group Salt Typhoon has launched a new wave of cyber attacks on US telecommunications providers by exploiting vulnerabilities in unpatched Cisco IOS XE network devices. These breaches, which affect large companies such as AT&T, Verizon and T-Mobile, have raised serious national security concerns because the hackers gain unauthorized access to sensitive data, including call logs and text messages.
Massive cyber breach targets critical infrastructure
According to cybersecurity researchers from Recorded Future's Insikt Group, Salt Typhoon (also tracked as RedMike) has actively targeted telecommunications networks. Between December 2024 and January 2025, the group targeted over 1,000 Cisco network devices, with more than half in the USA, South America and India. The hackers used two critical vulnerabilities, CVE-2023-20198 (privilege escalation) and CVE-2023-20273 (web UI command injection), to bypass security controls and establish persistent access to compromised networks.
By exploiting these vulnerabilities, Salt Typhoon configured Cisco devices to communicate over encrypted tunnels with its own command-and-control servers. This method enables long-term infiltration and the potential to intercept sensitive communications without detection. Researchers have identified at least 12,000 exposed Cisco devices worldwide, which makes this a widespread and persistent threat.
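The following added example, which is not from the article or from Cisco, audits a saved IOS XE running-config for the conditions described above: an enabled web UI (the feature both CVEs affect), local privilege-15 accounts, and tunnel interfaces whose peers are not on an approved list. The sample config, account names, addresses and allowlists are constructed assumptions.

```python
import re

# Constructed sample running-config (not from a real device; documentation IP ranges).
SAMPLE_CONFIG = """\
hostname edge-rtr-01
username netops privilege 15 secret 9 $9$constructed
username svc_tmp privilege 15 secret 9 $9$constructed
ip http server
ip http secure-server
interface Tunnel0
 ip address 10.255.0.1 255.255.255.252
 tunnel source GigabitEthernet0/0/0
 tunnel destination 192.0.2.10
interface Tunnel7
 tunnel source GigabitEthernet0/0/0
 tunnel destination 203.0.113.66
"""

def audit_config(text, approved_admins, approved_tunnel_peers):
    """Return findings as (category, detail) tuples for one running-config."""
    findings = []
    current_if = None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.startswith(" "):
            # Top-level line: track which interface block we are in, if any.
            m = re.match(r"interface (\S+)", line)
            current_if = m.group(1) if m else None
        # Web UI enabled ("no ip http server" does not match this pattern).
        if re.fullmatch(r"ip http (secure-)?server", line):
            findings.append(("web-ui-enabled", line))
        # Full-privilege local accounts that nobody approved.
        m = re.match(r"username (\S+) privilege 15\b", line)
        if m and m.group(1) not in approved_admins:
            findings.append(("unapproved-priv15-user", m.group(1)))
        # Tunnel endpoints outside the approved peer list.
        m = re.match(r"\s+tunnel destination (\S+)", line)
        if m and current_if and m.group(1) not in approved_tunnel_peers:
            findings.append(("unapproved-tunnel-peer", f"{current_if} -> {m.group(1)}"))
    return findings

if __name__ == "__main__":
    # Hypothetical allowlists: one known admin, one known tunnel peer.
    for category, detail in audit_config(SAMPLE_CONFIG, {"netops"}, {"192.0.2.10"}):
        print(f"{category}: {detail}")
```

Run against configuration backups taken on a schedule, a new finding between two runs is the signal worth investigating.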
Government and security experts raise the alarm
These breaches are part of a wider cyber espionage campaign confirmed by the FBI and CISA in October 2024. The attacks have affected the private communications of a limited number of US government officials, and reports indicate access to the US criminal investigation authority. In addition to the US telecommunications providers, Salt Typhoon also infiltrated a subsidiary of a British telecommunications company, a South African telecommunications company, an Italian ISP and a large telecommunications provider in Thailand.
Salt Typhoon, also known as FamousSparrow and GhostEmperor, has been running cyber espionage campaigns against telecommunications companies and state companies since at least 2019.
Urgent call for cybersecurity measures
Security experts urge telecommunications providers to apply the latest security patches immediately to prevent further breaches. Cisco has published several advisories that warn companies to update their software and close known vulnerabilities. However, a significant number of devices remain unpatched, leaving them open to exploitation.
“The scale and persistence of these attacks underline the urgent need for improved cyber security defense in the telecommunications sector,” said a Cisco spokesman. “Organizations have to prioritize patching known weaknesses and follow best practices for securing network management interfaces.”
Salt Typhoon's persistent cyber attacks raise concerns about the growing threat from state-sponsored hacking groups. With telecommunications infrastructure increasingly under siege, experts warn that a failure to act quickly could lead to widespread disruption and deeper security breaches.