- Security researchers from Recorded Future observe new activity from Salt Typhoon
- The threat actor is still going after ISPs and universities in the West
- The group is abusing flaws in Cisco gear to reach new targets
Salt Typhoon, a Chinese state-sponsored threat actor best known for breaching almost a dozen telecommunications providers in the United States, has struck again, hitting organizations not only in the US but also in the United Kingdom, South Africa and other parts of the world.
The latest intrusions were detected by cybersecurity researchers at Recorded Future, who said the group is targeting internet-exposed web interfaces of Cisco's IOS software, which powers various routers and switches. These devices have known vulnerabilities that the threat actors are actively exploiting to obtain initial access, root privileges and more.
More than 12,000 Cisco devices were found connected to the wider internet and exposed to the risk, Recorded Future explained. However, Salt Typhoon is focusing on a “smaller subset” of telecommunications and university networks.
Recent activity
This “smaller subset” of targets includes US service providers and telecommunications firms, a US affiliate of a UK telecom, telecoms in South Africa and Thailand, an internet service provider in Italy, and various universities around the world (Argentina, Bangladesh, Indonesia, Malaysia, Mexico, Netherlands, Thailand, Vietnam and the United States).
All this activity was detected between December 2024 and January 2025, which means that the group is currently quite active.
“They are super active and continue to be super active,” Levi Gundert, who leads the Recorded Future research team known as Insikt Group, told Wired. “I just think there is a general underestimation of how aggressive they are in turning telecommunications networks into Swiss cheese.”
Cisco also weighed in, saying that the vulnerabilities Salt Typhoon is exploiting have been fixed, and urged users to apply the available patches as soon as possible.
Unpatched n-day vulnerabilities are low-hanging fruit for cybercriminals, since they already have a working exploit and a proof of concept for malware infections, which makes their work relatively easy.
Via Wired