A Chinese state-backed hacking group known as Salt Typhoon remains a persistent threat to telecommunications providers worldwide, despite recent U.S. sanctions and cybersecurity warnings. According to a newly released report from cybersecurity firm Recorded Future, the group has successfully breached multiple telecom networks across the United States, Europe, Africa, and Asia by exploiting vulnerabilities in Cisco network devices.
Salt Typhoon, also tracked under aliases such as RedMike, Earth Estries, and GhostEmperor, has been linked to cyberattacks on at least five major telecommunications providers between December 2024 and January 2025. The hacking group has previously infiltrated major U.S. telecom companies, including AT&T and Verizon, and has been accused of eavesdropping on government communications and political figures.
TechCrunch first broke the news of Salt Typhoon’s renewed hacking activities, highlighting the group’s continued focus on infiltrating telecommunications networks. The hackers have also been found targeting universities conducting telecommunications and technology research, raising further concerns over China’s aggressive cyber-espionage operations.
Exploiting Cisco Vulnerabilities
Salt Typhoon has focused on two well-documented vulnerabilities in Cisco network devices, identified as CVE-2023-20198 and CVE-2023-20273. These security flaws allow attackers to create administrative accounts on affected systems and execute commands requiring high-level privileges. Cisco initially issued warnings about these vulnerabilities in October 2023, but many organizations have failed to implement the necessary security updates or remove affected devices from the public internet, leaving them exposed to attack.
According to TechCrunch, Salt Typhoon has leveraged these vulnerabilities to compromise over 1,000 Cisco devices globally, with a strong emphasis on telecommunications infrastructure. The group’s ability to exploit unpatched systems underscores the ongoing risk posed by outdated cybersecurity practices in critical industries.
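For defenders, the two effects described above (new administrative accounts, and exposure of unpatched devices to the internet) can be checked against a saved device configuration. The sketch below is an added example, not code from Cisco, Recorded Future or TechCrunch. It assumes IOS XE `show running-config` text in which the web UI appears as `ip http server` / `ip http secure-server`; the sample config, the account names and the `audit_config` helper are constructed for illustration.

```python
import re

# Constructed sample of `show running-config` output (not from a real device).
SAMPLE_CONFIG = """\
hostname edge-rtr-01
!
username netops privilege 15 secret 9 $9$constructed
username helpdesk privilege 1 secret 9 $9$constructed
username svc_tmp01 privilege 15 secret 9 $9$constructed
!
ip http server
no ip http secure-server
!
line vty 0 4
 transport input ssh
"""

# Local accounts with full administrative rights (privilege level 15).
USER_RE = re.compile(r"^username\s+(\S+)\s.*?\bprivilege\s+15\b")
# Web UI listeners; a disabled listener shows up as "no ip http ..." and is skipped.
HTTP_RE = re.compile(r"^ip http (server|secure-server)$")


def audit_config(config_text, approved_admins):
    """Return privilege-15 users missing from the approved list and enabled web UI listeners."""
    findings = {"unapproved_admins": [], "web_ui_enabled": []}
    for raw in config_text.splitlines():
        line = raw.strip()
        user = USER_RE.match(line)
        if user and user.group(1) not in approved_admins:
            findings["unapproved_admins"].append(user.group(1))
        http = HTTP_RE.match(line)
        if http:
            findings["web_ui_enabled"].append(http.group(1))
    return findings


if __name__ == "__main__":
    # The approved list is an assumption: it should come from your own inventory.
    result = audit_config(SAMPLE_CONFIG, approved_admins={"netops"})
    for name in result["unapproved_admins"]:
        print(f"REVIEW: privilege-15 account not on approved list: {name}")
    for listener in result["web_ui_enabled"]:
        print(f"REVIEW: 'ip http {listener}' is enabled; confirm it is not internet-reachable")
```

A clean result does not show that a device is patched or uncompromised; it only flags configuration that warrants a closer look.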
Espionage and Strategic Intelligence Gathering
Cybersecurity experts warn that Salt Typhoon’s activities extend beyond corporate espionage, with potential national security implications. The group’s infiltration of major telecom networks gives it access to sensitive communications data, including government surveillance systems. The hackers have reportedly gained access to law enforcement surveillance tools, potentially compromising sensitive investigations and further escalating concerns about foreign cyber interference.
Recorded Future’s senior director of strategic intelligence, Jon Condra, stated that Salt Typhoon’s operations are “truly global in scope” and likely tied to China’s long-term intelligence-gathering objectives. He emphasized that the group’s capacity to penetrate critical infrastructure could play a crucial role in future geopolitical conflicts.
Growing Concerns Over Cybersecurity Readiness
Despite numerous warnings from cybersecurity agencies and technology firms, many telecom providers continue to lag in adopting robust cybersecurity measures. The persistent nature of Salt Typhoon’s attacks highlights the urgent need for organizations to implement stronger security protocols, including timely software patches, advanced threat detection tools, and stricter access controls.
As global tensions rise in cyberspace, experts stress that telecom providers must take proactive measures to safeguard their networks against evolving threats. Governments and private-sector entities must collaborate to improve cybersecurity resilience and prevent future breaches from sophisticated state-backed hacking groups.
With Salt Typhoon’s cyber activities showing no signs of slowing, cybersecurity analysts continue to monitor their operations, urging affected organizations to remain vigilant and prioritize security upgrades. The battle to secure telecommunications networks against state-sponsored cyber threats remains a critical challenge for industries worldwide.