- Salt Typhoon has compromised five telecom firms across multiple countries in recent months, defying U.S. sanctions.
- The group has targeted over 1,000 Cisco devices globally, exploiting specific vulnerabilities in IOS XE software.
- Universities have emerged as new targets, possibly for accessing telecommunications and technology research.
Chinese government-linked hacking group Salt Typhoon has breached five telecommunications companies across multiple countries between December 2024 and January 2025, according to a new report from threat intelligence firm Recorded Future, displaying the group's continued operations despite U.S. sanctions.
The latest victims include a U.S.-based affiliate of a major U.K. telecommunications provider, a U.S. internet service provider, and telecommunications companies in Italy, South Africa, and Thailand.
The group has also conducted surveillance operations against Myanmar-based provider Mytel's infrastructure.
The hackers' ongoing campaign follows their high-profile infiltration of major U.S. telecom giants last September, including AT&T and Verizon, where they accessed private communications of senior U.S. government officials and compromised law enforcement surveillance systems.
According to Recorded Future, Salt Typhoon has exploited vulnerabilities in Cisco devices running IOS XE software to target over 1,000 systems globally.
The group has expanded its focus to include universities, potentially seeking access to telecommunications and engineering research.
The continued attacks come despite the U.S. Treasury Department's sanctions against Sichuan Juxinhe Network Technology, a Chinese company allegedly linked to the group.
Researchers expect Salt Typhoon to maintain its aggressive stance against telecommunications providers in the U.S. and internationally, suggesting current sanctions have done little to deter their activities.
Edited By Annette George
