Security researchers say the group of hackers linked to Chinese government, Salt Typhoon, is continuing to compromise telecommunications providers, despite the latest sanctions imposed by the US government in the group.
In a split report with Techcrunch, the future threat intelligence firm said it had noticed Typhoon Salt – which the company traces as “Redmic” – violating five telecommunications firms between December 2024 and January 2025.
Salt Typhoon made titles last September after it was revealed that the group had infiltrated into several telephone and internet giants in the US, including AT&T and Verizon, to gain access to private communications by senior US government officials and political figures.
Salt Typhoon also hacked in systems used by law enforcement agencies for client data authorized collection, potentially entering sensitive data such as the identities of Chinese US supervision objectives.
The registered future refused to name the latest victims of Salt Typhoon, but said they include a US -based collaborator of a prominent telecommunications provider in the UK; A US Internet Service provider and telecommunications companies in Italy, South Africa and Thailand.
The hackers also carry out the detection-the detection and intelligence collection of information about a system-in many infrastructure assets operated by the Myanmar-based telecommunications provider, Mytel, according to the registered future.
To carry out these attacks, Typhoon Salt used two weaknesses (traced as Cve-20232-0198 and CVE-2013-20273) to compromise unfulfilled CISCO equipment that run Cisco iOS XE software. The group of hackers has tried to compromise more than 1,000 Cisco devices globally, focusing particularly on equipment associated with telecommunications providers networks, Future Future said.
The registered future said he had also noticed Typhoon Typhoon’s target equipment related to universities, including the University of California and Utah Tech. Researchers said the hacker group “probably aimed at these universities to use research in areas related to telecommunications, engineering and technology.”
The US government has sanctioned group -related companies. In January, the US Treasury Department aimed at the recent Chinese government hackers-told that it had sanctioned a China-based cyber security company known as Sichuan Juxinhe Network Technology, which he says is connected directly with Typhoon Salt.
Registered future scholars say that despite this action, he expects Typhoon Salt to continue to target telecommunications providers in the US and elsewhere.
