Hack Attack: Salt Typhoon Unleashes Chaos on Unpatched US Telco Networks
Salt Typhoon, a Chinese state-sponsored hacking group, infiltrated US telco networks using old vulnerabilities and stolen credentials, according to a Cisco Talos report. The group exploited unpatched Cisco flaws, including CVE-2018-0171, while evading detection with living-off-the-land (LOTL) tactics and infrastructure pivoting. Cisco stresses the importance of patching known vulnerabilities to prevent such breaches.

Hot Take:
If only telco networks were as diligent about patching vulnerabilities as they are about billing us on time, we might not be sitting ducks for Salt Typhoon’s old-school hacking antics. Perhaps we should all chip in for a time machine to go back and patch those 2018 vulnerabilities before the hackers turn our networks into their personal playgrounds. Time to patch up the past, folks!

Key Points:
– Salt Typhoon, a Chinese state-sponsored group, exploited old vulnerabilities and stolen credentials to hack US telecom networks.
– Key vulnerabilities include CVE-2018-0171, which was patched in 2018 but still affects unpatched systems.
– No new Cisco vulnerabilities were discovered in this campaign, though multiple known flaws were exploited.
– Hackers used “living-off-the-land” tactics, modifying configurations and using built-in features rather than traditional malware.
– The attackers pivoted between compromised networks, making detection by network defenders challenging.