The U.S. Treasury Department has sanctioned Sichuan Juxinhe Network Technology, a China-based cybersecurity company, for its direct ties to the notorious hacking group, Salt Typhoon. This Chinese government-linked entity has been implicated in numerous cyberattacks targeting telecommunications firms and law enforcement systems globally. Despite recent U.S. sanctions, Salt Typhoon continues to exploit vulnerabilities in unpatched Cisco devices, posing a persistent threat to telecommunications providers worldwide.
Salt Typhoon has notoriously infiltrated systems used for court-authorized data collection, potentially accessing sensitive information, including the identities of Chinese targets under U.S. surveillance. By exploiting vulnerabilities tracked as CVE-20232-0198 and CVE-2023-20273, the group has managed to compromise Cisco devices running Cisco IOS XE software. This method allowed them to gain access to private communications involving senior U.S. government officials and political figures.
In September, Salt Typhoon gained prominence when it was revealed that they had breached several major U.S. telecommunications companies, such as AT&T and Verizon. The group has also conducted reconnaissance on infrastructure assets operated by Myanmar-based telecommunications provider, Mytel. Despite the U.S. government's imposition of sanctions on companies linked to the group, Salt Typhoon continues its cyber activities unabated.
Security researchers from Recorded Future have identified that Salt Typhoon has targeted more than 1,000 Cisco devices globally, with a particular focus on those associated with telecommunications networks. The group’s latest victims include a U.S.-based affiliate of a prominent U.K. telecommunications provider, a U.S. internet service provider, and telecommunications companies in Italy, South Africa, and Thailand. However, Recorded Future has chosen not to disclose the names of these entities.
"Possibly targeted these universities to access research in areas related to telecommunications, engineering, and technology." – Recorded Future's researchers
The relentless attacks by Salt Typhoon highlight the ongoing challenge of securing telecommunications infrastructure from sophisticated cyber threats. Despite the U.S. government's efforts to curb their activities through sanctions, experts warn that Salt Typhoon remains a formidable adversary in cyberspace. Recorded Future’s researchers predict that the group will continue targeting telecommunications providers in the United States and other countries, seeking vulnerabilities in critical networks.
Leave a Reply