China's Salt Typhoon Spies Are Still Hacking Telecoms, Now by Exploiting Cisco Routers

When it was revealed that the Chinese hacker group known as Salt Typhoon had penetrated deeply into major US telecommunications companies, accessing Americans' calls in real time, the hacking campaign was treated as a four-alarm fire by the United States government. Yet even after that high-profile exposure, the hackers have continued their spree of breaking into telecommunications networks worldwide, including more in the United States.

Researchers at the cybersecurity firm Recorded Future revealed in a report on Wednesday night that they have seen Salt Typhoon breach five telecommunications and internet service providers worldwide, as well as more than a dozen universities from Utah to Vietnam, all between December and January. The telecoms include an internet service and telecommunications provider from the US.

“They are super active and continue to be super active,” says Levi Gundert, who leads the Recorded Future research team known as Insikt Group. “I think there is just a general underestimation of how aggressive they are in turning telecommunications networks into Swiss cheese.”

To carry out this latest intrusion campaign, Salt Typhoon, which Recorded Future tracks under its own name, RedMike, rather than the Typhoon handle created by Microsoft, has targeted the internet-exposed web interfaces of Cisco's IOS software, which runs on the networking giant's routers and switches. The hackers exploited two different vulnerabilities in those devices' code, one of which grants initial access and another that provides root privileges, giving them full control of an often powerful piece of equipment with access to a victim's network.

“Any time you are embedded in communication networks on infrastructure like routers, you have the keys to the kingdom in what you can access and observe and exfiltrate,” says Gundert.

Recorded Future found more than 12,000 Cisco devices whose web interfaces were exposed online, and says that the hackers targeted more than a thousand of those devices installed in networks around the world. Of these, they appear to have focused on a smaller subset of telecommunications and university networks whose Cisco devices they successfully exploited. For those selected targets, Salt Typhoon configured the hacked Cisco devices to connect to the hackers' own command-and-control servers via generic routing encapsulation, or GRE, tunnels, a protocol used to set up private communications channels. They then used those connections to maintain their access and steal data.
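A defender-side check for the two conditions this paragraph describes, an enabled web interface and GRE tunnels to peers nobody approved, written as an added example that does not come from Recorded Future, Cisco, or the original article. The sample running-config, the approved-peer list, and the function names are constructed for illustration, and the check reads configuration only, so it shows that the HTTP server is enabled, not that it is reachable from the internet.

```python
import ipaddress
import re

# Constructed sample running-config; addresses are documentation ranges.
SAMPLE_CONFIG = """\
ip http server
ip http secure-server
!
interface Tunnel0
 tunnel destination 192.0.2.10
!
interface Tunnel7
 tunnel mode gre ip
 tunnel destination 203.0.113.77
!
interface Tunnel9
 tunnel mode ipsec ipv4
 tunnel destination 203.0.113.90
"""

# Assumption: GRE peers the network team has approved.
APPROVED_PEERS = [ipaddress.ip_network("192.0.2.0/24")]

def is_approved(dest, approved):
    try:
        addr = ipaddress.ip_address(dest)
    except ValueError:
        return False  # hostname destination: flag for manual review
    return any(addr in net for net in approved)

def audit_config(text, approved=APPROVED_PEERS):
    """Return (enabled web UI lines, unapproved GRE (tunnel, destination) pairs)."""
    web_ui, tunnels, current = [], {}, None
    for raw in text.splitlines():
        raw, line = raw.rstrip(), raw.strip()
        if re.fullmatch(r"ip http (secure-)?server", raw):
            web_ui.append(raw)  # "no ip http server" does not match
        m = re.fullmatch(r"interface (Tunnel\d+)", raw)
        if m:  # IOS leaves the default mode (GRE over IP) out of the config
            current = tunnels.setdefault(m.group(1), {"mode": "gre ip", "dest": None})
        elif not raw.startswith(" "):
            current = None  # left the interface block
        elif current is not None and line.startswith("tunnel mode "):
            current["mode"] = line[len("tunnel mode "):]
        elif current is not None and line.startswith("tunnel destination "):
            current["dest"] = line.split()[2]
    flagged = [(n, t["dest"]) for n, t in tunnels.items() if t["dest"]
               and t["mode"].startswith("gre") and not is_approved(t["dest"], approved)]
    return web_ui, flagged
```

Run against configuration backups on a schedule, a tunnel that appears in `flagged` without a matching change record is the kind of persistence the report describes.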

When WIRED reached out to Cisco for comment, the company pointed to a security advisory it published about vulnerabilities in the web interface of its IOS software in 2023. “We continue to urge customers to follow the recommendations described in the advisory and update to the available fixed software version,” a spokesman wrote in a statement.

Hacking network devices as entry points to reach victims, often by exploiting known vulnerabilities that device owners have failed to patch, has become standard operating procedure for Salt Typhoon and other Chinese hacking groups. That is partly because these network devices lack many of the security controls and monitoring software that have been extended to more traditional computing devices such as servers and PCs. Recorded Future notes in its report that sophisticated Chinese espionage teams have targeted these vulnerable network devices as a primary intrusion technique for at least five years.
