Cisco confirms Salt Typhoon exploitation in telecom hits

In addition to using CVE-2018-0171 and other Cisco bugs to break into telecom networks, the China-sponsored APT is also using stolen login credentials for initial access.

Kristina Beek, Dark Reading

February 22, 2025


Following research reports last week that Salt Typhoon, the Chinese threat actor known for spying on communications networks, exploited a Cisco vulnerability to infiltrate major US telecommunications providers last fall — including T-Mobile, AT&T, and Verizon — the networking giant has confirmed the activity and offered details on two main attack vectors.

Cisco Talos researchers said the attack vectors included exploiting an older security vulnerability tracked as CVE-2018-0171 and using stolen login credentials to gain access to the infrastructure. The threat actor was able to maintain access to these compromised environments for extended periods of time, in one instance for over three years, the researchers said, paving the way for configuration exfiltration, infrastructure pivoting, and configuration modification.

Though no new Cisco vulnerabilities have been discovered in the campaign, Cisco said it is also receiving reports that Salt Typhoon is abusing at least three other known Cisco vulnerabilities: CVE-2023-20198, CVE-2023-20273, and CVE-2024-20399. Users should patch these immediately.

To read the complete article, visit Dark Reading.
