The Canadian Centre for Cyber Safety and the FBI affirm that the Chinese language state-sponsored ‘Salt Hurricane’ hacking group can be concentrating on Canadian telecommunication companies, breaching a telecom supplier in February.
Through the February 2025 incident, Salt Hurricane exploited the CVE-2023-20198 flaw, a vital Cisco IOS XE vulnerability permitting distant, unauthenticated attackers to create arbitrary accounts and acquire admin-level privileges.
The flaw was first disclosed in October 2023, when it was reported that risk actors had exploited it as a zero-day to hack over 10,000 units.
Regardless of a major interval having handed, not less than one main telecommunications supplier in Canada nonetheless hadn’t patched, giving Salt Hurricane a straightforward approach to compromise units.
“Three community units registered to a Canadian telecommunications firm had been compromised by probably Salt Hurricane actors in mid-February 2025,” reads the bulletin.
“The actors exploited CVE-2023-20198 to retrieve the working configuration information from all three units and modified not less than one of many information to configure a GRE tunnel, enabling visitors assortment from the community.”
In October 2024, following Salt Hurricane breaches on a number of American broadband suppliers, the Canadian authorities flagged reconnaissance exercise that focused dozens of key organizations within the nation.
No precise breaches had been confirmed on the time, and regardless of the calls to raise safety, some vital service suppliers did not take the required motion.
The Cyber Centre notes that, based mostly on separate investigations and crowd-sourced intelligence, exercise probably tied to Salt Hurricane extends past the telecommunications sector, concentrating on a number of different industries.
In lots of instances, the exercise is restricted to reconnaissance, although the info stolen from inside networks can be utilized for lateral motion or provide chain assaults.
The Cyber Centre warned that the assaults towards Canadian organizations “will nearly actually proceed” over the following two years, urging vital organizations to guard their networks.
Telecommunication service suppliers who deal with worthwhile knowledge, reminiscent of name metadata, subscriber location knowledge, SMS contents, and authorities/political communications, are prime targets for state-sponsored espionage teams.
Their assaults usually goal edge units on the community perimeter, routers, firewalls, and VPN home equipment, whereas MSPs and cloud distributors are additionally focused for oblique assaults on their prospects.
The Cyber Centre’s bulletin lists sources offering edge gadget hardening directions for vital infrastructure operators.
Salt Hurricane assaults have impacted a number of telecom corporations in dozens of nations, together with AT&T, Verizon, Lumen, Constitution Communications, Consolidated Communications, and Windstream.
Final week, Viasat additionally confirmed that Salt Hurricane had breached them, however buyer knowledge was not impacted.
Patching used to imply advanced scripts, lengthy hours, and limitless hearth drills. Not anymore.
On this new information, Tines breaks down how fashionable IT orgs are leveling up with automation. Patch sooner, scale back overhead, and deal with strategic work — no advanced scripts required.
