Chinese Hacking Group Salt Typhoon: Exploiting Router Vulnerabilities to Infiltrate 600 Organizations


Chinese Hacking Group Salt Typhoon Breaches 600 Organizations Through Router Vulnerabilities

A sophisticated Chinese hacking group known as Salt Typhoon has infiltrated approximately 600 organizations across 80 countries by exploiting vulnerabilities in edge network devices. The campaign, active since 2019, has primarily targeted the telecommunications, government, transportation, and military sectors, underscoring the need for hardened network security and firewall controls at the perimeter.

According to a joint cybersecurity advisory released by authorities from 13 countries, the attacks have been linked to three Chinese companies: Sichuan Juxinhe Network Technology Co., Ltd., Beijing Huanyu Tianqiong Information Technology Co., Ltd., and Sichuan Zhixin Ruijie Network Technology Co., Ltd. These firms allegedly provide cyber services to Chinese intelligence agencies.

Scale and Impact of the Campaign

The hackers have demonstrated particular interest in compromising network edge devices, including:

  • Major backbone routers of telecommunications providers
  • Provider edge (PE) routers
  • Customer edge (CE) routers

FBI Cyber Division head Brett Leatherman emphasized that Salt Typhoon's persistent espionage campaign aims to breach "global telecommunications privacy and security norms." The group has successfully compromised approximately 200 organizations in the United States alone, highlighting the need for advanced threat hunting capabilities in modern cybersecurity.

Technical Methods and Vulnerabilities

The attackers have exploited multiple critical vulnerabilities in popular network devices:

  • Cisco systems (CVE-2018-0171, CVE-2023-20198, CVE-2023-20273)
  • Ivanti products (CVE-2023-46805, CVE-2024-21887)
  • Palo Alto Networks devices (CVE-2024-3400)

Once access is gained, the group maintains persistence by:

  • Modifying Access Control Lists
  • Creating GRE tunnels for data exfiltration
  • Altering device configurations
  • Capturing authentication credentials

Organizations must recognize that artificial intelligence in cybersecurity defense can provide enhanced protection against such sophisticated attacks.

For more detailed information about this ongoing threat, visit the CISA Advisory Database.

This ongoing campaign highlights the critical importance of securing network edge devices and maintaining robust cybersecurity practices across organizational infrastructure. Organizations should patch all edge network devices without delay, monitor network device configurations for unauthorized changes (new tunnels, ACL edits, added accounts), and regularly review and validate authentication protocols, especially TACACS+ implementations.
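The persistence techniques listed above (ACL edits, GRE tunnels, configuration changes, credential capture) all leave traces in the device's running configuration, which is why configuration-change monitoring is recommended. The following is an added example, not code from the advisory or from any vendor: it diffs a constructed IOS-style baseline against a later running-config and tags each changed line with the persistence technique it resembles. The configuration text, hostnames and addresses are made up for illustration.

```python
import re
from difflib import unified_diff

# Constructed sample (not real device output): a known-good IOS-style baseline
# and a later running-config pulled from the same PE router.
BASELINE = """\
username admin privilege 15 secret 5 $1$placeholder
aaa authentication login default group tacacs+ local
ip access-list extended MGMT-IN
 permit tcp 10.0.0.0 0.0.0.255 any eq 22
 deny ip any any
"""

CURRENT_CFG = """\
username admin privilege 15 secret 5 $1$placeholder
username svc-backup privilege 15 secret 5 $1$placeholder2
aaa authentication login default group tacacs+ local
ip access-list extended MGMT-IN
 permit tcp 10.0.0.0 0.0.0.255 any eq 22
 permit tcp host 203.0.113.9 any eq 22
 deny ip any any
interface Tunnel100
 tunnel source GigabitEthernet0/0
 tunnel destination 203.0.113.9
 tunnel mode gre ip
"""

# One pattern per persistence technique named in the advisory summary:
# GRE tunnels, ACL edits, new local accounts, AAA/TACACS+ changes.
WATCH = {
    "gre-tunnel": re.compile(r"^interface Tunnel|^\s*tunnel (mode|source|destination)\b"),
    "acl-change": re.compile(r"^(ip )?access-list\b|^\s*(permit|deny)\b"),
    "local-user": re.compile(r"^username\b"),
    "aaa-change": re.compile(r"^(aaa |tacacs)"),
}

def audit_config(baseline: str, current: str) -> list[tuple[str, str]]:
    # Zero-context diff yields only added (+) / removed (-) lines; tag each
    # with the first watched category it matches and return the findings.
    findings = []
    for line in unified_diff(baseline.splitlines(), current.splitlines(), lineterm="", n=0):
        if line.startswith(("---", "+++", "@@")):
            continue
        for cat, pat in WATCH.items():
            if pat.search(line[1:]):
                findings.append((cat, line))
                break
    return findings
```

Run against configs exported from the device on a schedule and alert on any non-empty result; an unexplained Tunnel interface or a new privilege-15 user should be treated as an incident, not a change request.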
