The Canadian Centre for Cyber Safety and the FBI verify that the Chinese language state-sponsored ‘Salt Storm’ hacking group can be concentrating on Canadian telecommunication companies, breaching a telecom supplier in February.
Throughout the February 2025 incident, Salt Storm exploited the CVE-2023-20198 flaw, a vital Cisco IOS XE vulnerability permitting distant, unauthenticated attackers to create arbitrary accounts and acquire admin-level privileges.
The flaw was first disclosed in October 2023, when it was reported that risk actors had exploited it as a zero-day to hack over 10,000 gadgets.
Regardless of a big interval having handed, at the very least one main telecommunications supplier in Canada nonetheless hadn’t patched, giving Salt Storm a simple method to compromise gadgets.
“Three community gadgets registered to a Canadian telecommunications firm had been compromised by seemingly Salt Storm actors in mid-February 2025,” reads the bulletin.
“The actors exploited CVE-2023-20198 to retrieve the working configuration recordsdata from all three gadgets and modified at the very least one of many recordsdata to configure a GRE tunnel, enabling site visitors assortment from the community.”
In October 2024, following Salt Storm breaches on a number of American broadband suppliers, the Canadian authorities flagged reconnaissance exercise that focused dozens of key organizations within the nation.
No precise breaches had been confirmed on the time, and regardless of the calls to raise safety, some vital service suppliers did not take the required motion.
The Cyber Centre notes that, primarily based on separate investigations and crowd-sourced intelligence, exercise seemingly tied to Salt Storm extends past the telecommunications sector, concentrating on a number of different industries.
In lots of instances, the exercise is restricted to reconnaissance, although the information stolen from inside networks can be utilized for lateral motion or provide chain assaults.
The Cyber Centre warned that the assaults in opposition to Canadian organizations “will virtually definitely proceed” over the following two years, urging vital organizations to guard their networks.
Telecommunication service suppliers who deal with invaluable knowledge, equivalent to name metadata, subscriber location knowledge, SMS contents, and authorities/political communications, are prime targets for state-sponsored espionage teams.
Their assaults sometimes goal edge gadgets on the community perimeter, routers, firewalls, and VPN home equipment, whereas MSPs and cloud distributors are additionally focused for oblique assaults on their clients.
The Cyber Centre’s bulletin lists sources offering edge machine hardening directions for vital infrastructure operators.
Salt Storm assaults have impacted a number of telecom firms in dozens of nations, together with AT&T, Verizon, Lumen, Constitution Communications, Consolidated Communications, and Windstream.
Final week, Viasat additionally confirmed that Salt Storm had breached them, however buyer knowledge was not impacted.
Patching used to imply advanced scripts, lengthy hours, and limitless fireplace drills. Not anymore.
On this new information, Tines breaks down how fashionable IT orgs are leveling up with automation. Patch quicker, scale back overhead, and give attention to strategic work — no advanced scripts required.
