

Ethical Hacking News

The Salt Typhoon Phenomenon: Unpacking the Global Cyber Espionage Campaign Linked to Chinese Tech Firms



The global Salt Typhoon hacking campaigns have been linked to Chinese tech firms, revealing a complex web of cyber espionage operations targeting government networks and telecommunications companies worldwide.

  • The Salt Typhoon global hacking campaign has been linked to three China-based technology firms and has breached numerous government networks and telecommunications companies worldwide.
  • The attackers exploited widely known, already patched vulnerabilities, including CVE-2024-21887, CVE-2024-3400, and others, rather than relying on zero-days.
  • The vulnerabilities affect widely used network equipment from Cisco (including IOS XE devices), Ivanti, and Palo Alto Networks.
  • The attackers used these vulnerabilities to gain access to routing and network devices, allowing them to modify access control lists and establish persistence.
  • Patching edge devices first, hardening device configurations, monitoring for unauthorized changes, and turning off unused services are crucial steps in preventing such attacks.
  • The Salt Typhoon campaign highlights the importance of implementing robust security controls, restricting management services to dedicated networks, and enforcing secure protocols.



The recent revelations regarding the Salt Typhoon global hacking campaign have shed new light on the sophisticated nature of state-sponsored cyber espionage. The campaign has been linked to three China-based technology firms (Sichuan Juxinhe Network Technology Co. Ltd., Beijing Huanyu Tianqiong Information Technology Co., and Sichuan Zhixin Ruijie Network Technology Co. Ltd.) and has been found to have breached numerous government networks and telecommunications companies across the globe.

In a joint advisory released by the U.S. National Security Agency (NSA), the UK's National Cyber Security Centre (NCSC), and partners from over a dozen countries, the agencies state that the Salt Typhoon actors have had considerable success exploiting widely known and already patched flaws in network edge devices rather than relying on zero-days. The vulnerabilities exploited include CVE-2024-21887, CVE-2024-3400, CVE-2023-20273, CVE-2023-20198, and CVE-2018-0171.

These vulnerabilities affect widely used network equipment from Cisco (including IOS XE devices), Ivanti, and Palo Alto Networks. The Salt Typhoon actors leveraged them to gain access to routing and network devices, and then modified access control lists, enabled SSH on non-standard ports, created GRE/IPsec tunnels, and abused Cisco Guest Shell containers to maintain persistence.

The success of these well-known vulnerabilities underlines the importance of patching edge devices first, hardening device configurations, monitoring for unauthorized changes, and turning off unused services. It also emphasizes the need for organizations to implement robust security controls, restrict management services to dedicated networks, enforce secure protocols such as SSHv2 and SNMPv3, and disable Cisco Smart Install and Guest Shell where not needed.
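A defender-side check for the configuration changes and hardening points just described, written as an added example for this article (it is not code from the advisory or from any vendor): it diffs a constructed Cisco IOS-style baseline against a constructed current config, tags additions that match the persistence techniques the advisory names (ACL edits, SSH on non-standard ports, GRE/IPsec tunnels, Guest Shell/IOx), and checks the hardening posture (SSHv2, no SNMPv1/v2c communities, Smart Install disabled). The sample configs, addresses and regexes are assumptions; in practice the inputs would be `show running-config` backups.

```python
import re
# Constructed sample configs (not from any real device): BASELINE is the approved state, CURRENT the same device after changes of the kind the advisory describes.
BASELINE = """\
no vstack
ip ssh version 2
ip access-list extended MGMT
 permit tcp 10.0.0.0 0.0.0.255 any eq 22
"""
CURRENT = """\
ip ssh version 2
ip ssh port 2222 rotary 1
iox
ip access-list extended MGMT
 permit tcp 10.0.0.0 0.0.0.255 any eq 22
 permit tcp host 203.0.113.7 any eq 2222
interface Tunnel0
 tunnel source GigabitEthernet0/0
 tunnel destination 198.51.100.9
"""
# (finding, pattern, must_be_present): hardening_findings reports required lines missing and forbidden lines present.
HARDENING_RULES = [
    ("SSHv2 enforced", re.compile(r"^ip ssh version 2$", re.M), True),
    ("Smart Install disabled", re.compile(r"^no vstack$", re.M), True),
    ("SNMPv1/v2c community strings present", re.compile(r"^snmp-server community ", re.M), False),
    ("IOx/Guest Shell enabled", re.compile(r"^iox$", re.M), False),
    ("SSH on non-standard port", re.compile(r"^ip ssh port (?!22\b)\d+", re.M), False),
]
# Categories for added config lines, matching the persistence techniques named in the advisory.
INDICATORS = {
    "GRE/IPsec tunnel": re.compile(r"^(interface Tunnel|tunnel (mode|source|destination)|crypto (map|isakmp|ipsec))"),
    "ACL modification": re.compile(r"^(ip access-list|access-list \d+|(permit|deny) )"),
    "SSH port / rotary change": re.compile(r"^(ip ssh port|rotary )"),
    "Guest Shell / IOx": re.compile(r"^(iox|app-hosting)"),
}

def hardening_findings(config):
    out = []
    for name, rx, required in HARDENING_RULES:
        present = rx.search(config) is not None
        if present != required:
            out.append(("missing: " if required else "present: ") + name)
    return out

def config_drift(baseline, current):
    # Set difference of normalised lines: order, blank lines and '!' comments are ignored.
    norm = lambda t: {l.strip() for l in t.splitlines() if l.strip() and not l.startswith("!")}
    return sorted(norm(current) - norm(baseline)), sorted(norm(baseline) - norm(current))

def suspicious_additions(added):
    return [(name, line) for line in added for name, rx in INDICATORS.items() if rx.match(line)]
```

Running `config_drift(BASELINE, CURRENT)` shows `no vstack` removed (Smart Install re-enabled) and six added lines, all of which `suspicious_additions` tags; `hardening_findings(CURRENT)` adds the posture violations.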

The Salt Typhoon campaign has been particularly noteworthy for its concerted attacks on telecommunications firms in order to spy on the private communications of individuals worldwide. The group previously breached major U.S. carriers, including AT&T, Verizon, and Lumen, gaining access to sensitive communications such as text messages and voicemails, and even to U.S. law enforcement's wiretap systems.

Moreover, the Salt Typhoon actors have been linked to a nine-month breach of a U.S. Army National Guard network in 2024, during which they stole configuration files and administrator credentials that could be used to compromise other government networks. The breach has raised concerns about the security of government networks and their exposure to cyber espionage operations.

The link to China-based technology firms adds a further layer to the narrative. The three companies involved (Sichuan Juxinhe Network Technology Co. Ltd., Beijing Huanyu Tianqiong Information Technology Co., and Sichuan Zhixin Ruijie Network Technology Co. Ltd.) have been found to provide cyber products and services to China's Ministry of State Security and the People's Liberation Army, enabling the cyber espionage operations tracked as Salt Typhoon.

Furthermore, the Salt Typhoon actors use custom malware known as JumbledPath to monitor and capture traffic from telecom networks, which further highlights the importance of robust security controls against such threats.

In light of these findings, organizations worldwide should take proactive measures to secure their networks and prevent similar breaches. The exploitation of widely known vulnerabilities should not be taken lightly: patching devices first, hardening device configurations, monitoring for unauthorized changes, and turning off unused services are crucial steps in preventing such attacks.

The public sector must likewise take a closer look at the security of government networks and implement robust security controls to prevent similar breaches. The recent revelations regarding the Salt Typhoon campaign serve as a stark reminder of the importance of maintaining the highest level of cybersecurity hygiene.

In conclusion, the Salt Typhoon phenomenon represents a complex web of cyber espionage operations linked to China-based technology firms. The actors' reliance on widely known vulnerabilities shows that organizations and governments worldwide need to prioritize patching devices, hardening device configurations, monitoring for unauthorized changes, and turning off unused services.

That the campaign has breached numerous government networks and telecommunications companies across the globe raises concerns about the security of sensitive information, and it is essential for organizations and governments worldwide to take proactive measures to secure their networks.

As the threat landscape continues to evolve, individuals, organizations, and governments worldwide must remain vigilant and proactive in maintaining the highest level of cybersecurity hygiene. By doing so, we can prevent similar breaches and maintain the trust and confidence of citizens in their institutions.

Related Information:
  • https://www.ethicalhackingnews.com/articles/The-Salt-Typhoon-Phenomenon-Unpacking-the-Global-Cyber-Espionage-Campaign-Linked-to-Chinese-Tech-Firms-ehn.shtml
  • https://www.bleepingcomputer.com/news/security/global-salt-typhoon-hacking-campaigns-linked-to-chinese-tech-firms/
  • https://www.msn.com/en-us/news/world/international-coalition-calls-out-three-chinese-companies-over-hacking-campaign/ar-AA1Ll7ex
  • https://nvd.nist.gov/vuln/detail/CVE-2024-21887
  • https://www.cvedetails.com/cve/CVE-2024-21887/
  • https://nvd.nist.gov/vuln/detail/CVE-2024-3400
  • https://www.cvedetails.com/cve/CVE-2024-3400/
  • https://nvd.nist.gov/vuln/detail/CVE-2023-20273
  • https://www.cvedetails.com/cve/CVE-2023-20273/
  • https://nvd.nist.gov/vuln/detail/CVE-2023-20198
  • https://www.cvedetails.com/cve/CVE-2023-20198/
  • https://nvd.nist.gov/vuln/detail/CVE-2018-0171
  • https://www.cvedetails.com/cve/CVE-2018-0171/


Published: Wed Aug 27 14:16:53 2025 by llama3.2 3B Q4_K_M
© Ethical Hacking News. All rights reserved.