Get the latest tech news

China’s Salt Typhoon Spies Are Still Hacking Telecoms—Now by Exploiting Cisco Routers

Despite high-profile attention and even US sanctions, the group hasn’t stopped or even slowed its operation, including the breach of two more US telecoms.

When the Chinese hacker group known as Salt Typhoon was revealed last fall to have deeply penetrated major US telecommunications companies —ultimately breaching no fewer than nine of the phone carriers and accessing Americans' texts and calls in real time—that hacking campaign was treated as a four-alarm fire by the US government. Researchers at cybersecurity firm Recorded Future on Wednesday night revealed in a report that they've seen Salt Typhoon breach five telecoms and internet service providers around the world, as well as more than a dozen universities from Utah to Vietnam, all between December and January. To carry out this latest campaign of intrusions, Salt Typhoon—which Recorded Future tracks under its own name, RedMike, rather than the Typhoon handle created by Microsoft—has targeted the internet-exposed web interfaces of Cisco's IOS software, which runs on the networking giant's routers and switches.

Get the Android app