Security researchers say the Chinese government-linked hacking group Salt Typhoon is continuing to compromise telecommunications providers, despite the recent sanctions imposed by the U.S. government on the group.
In a report shared with TechCrunch, threat intelligence firm Recorded Future said it had observed Salt Typhoon, which the company tracks as “RedMike,” breaching five telecommunications firms between December 2024 and January 2025.
Salt Typhoon made headlines last September after it was revealed that the group had infiltrated a number of U.S. phone and internet giants, including AT&T and Verizon, to gain access to the private communications of senior U.S. government officials and political figures.
Salt Typhoon also hacked into the systems that law enforcement agencies use for court-authorized collection of customer data, potentially accessing sensitive data such as the identities of Chinese targets of U.S. surveillance.
Recorded Future declined to name Salt Typhoon’s latest victims, but said they include a U.S.-based affiliate of a prominent U.K. telecommunications provider; a U.S. internet service provider; and telecommunications companies in Italy, South Africa and Thailand.
The hackers also carried out reconnaissance (the practice of covertly discovering and collecting information about a system) on multiple infrastructure assets operated by Myanmar-based telecommunications provider Mytel, according to Recorded Future.
To carry out these attacks, Salt Typhoon exploited two vulnerabilities (tracked as CVE-2023-20198 and CVE-2023-20273) to compromise unpatched Cisco devices running Cisco IOS XE software. The hacking group has attempted to compromise more than 1,000 Cisco devices globally, focusing particularly on devices associated with telecommunications providers’ networks, Recorded Future said.
Recorded Future said it had also observed Salt Typhoon targeting devices associated with universities, including the University of California and Utah Tech. The researchers said the hacking group “probably targeted these universities to access research in areas related to telecommunications, engineering, and technology.”
The U.S. government has sanctioned companies linked to the group. In January, the U.S. Treasury Department, itself targeted by Chinese government hackers recently, said it had sanctioned a China-based cybersecurity company known as Sichuan Juxinhe Network Technology, which it says is directly linked to Salt Typhoon.
Recorded Future’s researchers say that despite this action, they expect Salt Typhoon to continue targeting telecommunications providers in the U.S. and elsewhere.
