- Canadian telecommunications companies have been hit by a cyber attack
- The Chinese threat actor Salt Typhoon is suspected to be behind the attacks
- The hackers exploited an existing Cisco flaw to gain access
The Canadian Centre for Cyber Security, together with the FBI, has confirmed that hackers were able to gain access to three network devices registered to a Canadian telecommunications company.
“The Cyber Centre is aware of malicious cyber activities currently targeting Canadian telecommunications companies. The responsible actors are almost surely actors sponsored by the state of the PRC, specifically Salt Typhoon,” said the Canadian Centre for Cyber Security in a statement.
This is not unfamiliar territory for Salt Typhoon: the group compromised at least eight American telecommunications giants in early 2025, and the hackers allegedly had access to these networks for months in a massive surveillance campaign that affected dozens of countries and targeted several high-level officials.
A long-running campaign
The hackers apparently exploited a high-severity Cisco flaw, tracked as CVE-2023-20198, to gain access. This allowed them to retrieve the configuration files of the compromised devices, which were then modified to create a GRE tunnel, enabling the collection of traffic from the network to which the devices were connected.
A patch for this flaw has been available since October 2023, which points to a serious security oversight in Canadian telecommunications.
The threat actors probably targeted these devices to “collect information from the victim’s internal network, or use the victim’s device to allow the compromise of other victims,” which could explain how Salt Typhoon has been so successful at compromising large organizations.
“While our understanding of this activity continues to evolve, we evaluate that the cyber actors of the PRC will surely continue to attack Canadian organizations as part of this espionage campaign, including telecommunications service providers and their clients, in the next two years,” the statement confirms.
Telecommunications companies are a high priority for threat actors, since they store large amounts of customer data and hold useful intelligence value for cyber espionage campaigns.
Via: Ars Technica