Top Canadian telecom firms may have been hit by Chinese Salt Typhoon hackers
- Canadian telecom firms have been hit with a cyberattack
- Chinese threat actor Salt Typhoon is suspected to be behind the attacks
- Hackers exploited an existing Cisco flaw to gain access
The Canadian Centre for Cyber Security, alongside the FBI, have confirmed hackers were able to gain access to three network devices registered to a Canadian Telecommunications company.
“The Cyber Centre is aware of malicious cyber activities currently targeting Canadian telecommunications companies. The responsible actors are almost certainly PRC state-sponsored actors, specifically Salt Typhoon,” The Canadian Centre for Cybersecurity said in a statement.
This isn’t unfamiliar territory for Salt Typhoon, as the group compromised at least eight US telco giants earlier in 2025, with the hackers allegedly having access to these networks for months in a mass surveillance campaign affecting dozens of countries and targeting several high-level officials.
A long running campaign
The hackers, apparently exploited a high severity Cisco flaw, tracked as CVE-2023-20198 to gain access, allowing them to retrieve running configuration files from the compromised devices, which were then modified in order to create a GRE tunnel, enabling traffic collection from the network the devices were connected to.
A patch for this flaw has been available since October 2023, which indicates a serious security oversight in Canadian Telecom cybersecurity.
The threat actors most likely targeted these devices in order to ‘collect information from the victim’s internal network, or use the victim’s device to enable the compromise of further victims,’ which could explain how Salt Typhoon has been so successful in compromising large organizations.
“While our understanding of this activity continues to evolve, we assess that PRC cyber actors will almost certainly continue to target Canadian organizations as part of this espionage campaign, including telecommunications service providers and their clients, over the next two years,” the statement confirms.
Telecommunication companies are a high-priority for threat actors as they store large amounts of customer data and have useful intelligence value for cyber-espionage campaigns.
Via: ArsTechnica
You might also like
Canadian telecom firms have been hit with a cyberattack Chinese threat actor Salt Typhoon is suspected to be behind the attacks Hackers exploited an existing Cisco flaw to gain access The Canadian Centre for Cyber Security, alongside the FBI, have confirmed hackers were able to gain access to three network…
