Salt Typhoon Exploits Vulnerabilities in Cisco, Ivanti, and Palo Alto to Compromise 600 Organizations Globally

The China-linked advanced persistent threat (APT) actor known as Salt Typhoon has intensified its global cyberattacks, targeting critical sectors such as telecommunications, government, transportation, lodging, and military infrastructure. A joint cybersecurity advisory published by authorities from 13 countries highlights that these actors primarily focus on large backbone routers of major telecommunications providers, as well as Provider Edge (PE) and Customer Edge (CE) routers. They exploit compromised devices and trusted connections to infiltrate other networks, often modifying routers to ensure persistent, long-term access. The malicious activities have been linked to three Chinese entities: Sichuan Juxinhe Network Technology Co., Ltd., Beijing Huanyu Tianqiong Information Technology Co., Ltd., and Sichuan Zhixin Ruijie Network Technology Co., Ltd. These companies are reported to provide cyber-related products and services to China’s intelligence services, enabling Beijing to track and monitor communications globally.

Brett Leatherman, head of the U.S. Federal Bureau of Investigation’s Cyber Division, noted that Salt Typhoon has been active since at least 2019, conducting a sustained espionage campaign aimed at undermining global telecommunications privacy and security norms. A separate alert from Dutch intelligence services MIVD and AIVD indicated that while organisations in the Netherlands did not receive the same level of attention from the hackers as those in the U.S., the hackers managed to access routers of smaller Internet Service Providers (ISPs) and hosting providers.

The advisory, co-signed by countries including Australia, Canada, and the U.K., revealed that since 2021, Salt Typhoon has targeted over 600 organisations across 80 countries, with significant activity observed in the U.K. The hacking group, also known as GhostEmperor, Operator Panda, RedMike, and UNC5807, has gained initial access by exploiting vulnerabilities in exposed network edge devices from Cisco, Ivanti, and Palo Alto Networks.

Categories: Cybersecurity Threats, Advanced Persistent Threats (APTs), Targeted Sectors 

Tags: Salt Typhoon, APT, Cybersecurity, Telecommunications, Espionage, Routers, Compromised Devices, Critical Sectors, China, Global Networks 
