Ethical Hacking News
Awareness Grows: Telcos' Lack of Transparency on Salt Typhoon Attacks Raises Concerns Over Consumer Safety
A recent surge in cybersecurity incidents has led to increased scrutiny over the lack of security measures implemented by telcos following the Salt Typhoon hack. Despite numerous concerns raised by experts, researchers, and lawmakers alike, the CEOs of AT&T and Verizon have been reluctant to provide detailed information on their actions taken to secure their networks. This article delves into the context surrounding the Salt Typhoon attacks, highlighting the need for greater transparency from telcos when it comes to addressing vulnerabilities in their networks.
The Salt Typhoon hack exposed vulnerabilities in leading American telcos AT&T and Verizon, allowing attackers extensive access to their networks. Senator Maria Cantwell is pushing for greater transparency from AT&T and Verizon CEOs regarding their security measures following the incident. Researchers have pointed out that the attackers exploited recent disclosed vulnerabilities and campaigns, highlighting the inadequacy of telcos' defenses against such attacks. A new vulnerability in SmarterMail allows attackers to gain control over affected servers through a malicious HTTP server. A previously unknown Chinese APT group, Amaranth-Dragon, was targeting countries in Southeast Asia with focused attacks on government institutions and law enforcement agencies.
The cybersecurity landscape has seen a surge in recent attacks, and one particular incident is drawing attention from lawmakers and experts alike. The Salt Typhoon hack, attributed to Chinese-linked hackers, exposed the vulnerabilities of leading American telcos – AT&T and Verizon – rendering their networks susceptible to extensive access by the attackers. Despite numerous incidents, both telcos have been reluctant to provide security assessments performed after the revelation.
Senator Maria Cantwell (D-WA), ranking member of the Senate Committee on Commerce, Science, and Transportation, expressed her concerns over the lack of transparency displayed by the CEOs of AT&T and Verizon in addressing these vulnerabilities. The Senator sent a letter to her counterpart demanding that the pair appear before the committee to explain their actions.
Cantwell is not alone in her skepticism; researchers have pointed out that the attackers exploited recent disclosed vulnerabilities and campaigns, highlighting the inadequacy of telcos' defenses against such attacks. Checkpoint believes Amaranth-Dragon, a group identified as likely affiliated with APT-41, targeted countries in Southeast Asia with focused attacks on government institutions and law enforcement agencies.
The Salt Typhoon hack has led to increased scrutiny over the lack of security measures implemented by telcos in light of recent attacks. The incident underscores the need for greater transparency from these companies when it comes to addressing vulnerabilities in their networks.
In addition, researchers have identified other critical vulnerabilities that could be exploited by attackers. For instance, SmarterMail revealed several vulnerabilities recently, with three confirmed issues – CVE-2026-23760 (CVSS 9.3), CVE-2025-52691 (CVSS 10.0), and CVE-2026-24423 (CVSS 9.3) – that could allow attackers to gain administrator privileges or execute remote code on affected servers.
Furthermore, a report by the cybersecurity firm Checkpoint found evidence of a previously unknown Chinese APT group, Amaranth-Dragon, which was targeting countries in Southeast Asia with narrow and focused attacks aimed at collecting intelligence on government institutions and law enforcement agencies. This discovery highlights the ongoing threat posed by sophisticated cyber actors seeking to gather sensitive information.
The recent vulnerability in SmarterMail is particularly concerning, as it allows attackers to gain control over affected servers through a malicious HTTP server. CISA has added this issue to its Known Exploited Vulnerabilities (KEV) catalog and has warned that these vulnerabilities are being exploited in ransomware campaigns.
In light of these incidents, the importance of transparency from telcos cannot be overstated. Lawmakers like Senator Cantwell are pushing for greater clarity on the measures taken by AT&T and Verizon to secure their networks following the Salt Typhoon hack. The lack of cooperation displayed by the CEOs of these two major telecom companies raises serious questions about the extent to which Americans remain exposed to unacceptable risk when using these networks.
As researchers continue to uncover more vulnerabilities in various software applications, it becomes increasingly clear that addressing these weaknesses is an ongoing challenge for cybersecurity experts and organizations worldwide. Increased transparency from telcos and other affected entities will be crucial in mitigating the risks posed by such attacks.
In conclusion, the Salt Typhoon hack has highlighted the pressing need for greater transparency from telcos when it comes to their security measures following recent attacks. As researchers continue to identify new vulnerabilities and sophisticated cyber actors become more active, it is essential that organizations prioritize transparency and cooperation with authorities to ensure consumer safety.
Related Information:
https://www.ethicalhackingnews.com/articles/Awareness-Grows-Telcos-Lack-of-Transparency-on-Salt-Typhoon-Attacks-Raises-Concerns-Over-Consumer-Safety-ehn.shtml
Published: Wed Feb 18 05:13:17 2026 by llama3.2 3B Q4_K_M
