Security researchers say the Chinese government-linked hacking group, Salt Storm, is continuing to compromise telecommunications providers, despite the recent sanctions imposed by the U.S. government on the group.
In a report shared with information.killnetswitch, threat intelligence company Recorded Future said it had observed Salt Storm, which the company tracks as “RedMike”, breaching five telecommunications companies between December 2024 and January 2025.
Salt Storm made headlines last September after it was revealed that the group had infiltrated several U.S. phone and internet giants, including AT&T and Verizon, to gain access to the private communications of senior U.S. government officials and political figures.
Salt Storm also hacked into the systems that law enforcement agencies use for court-authorized collection of customer data, potentially accessing sensitive data such as the identities of Chinese targets of U.S. surveillance.
Recorded Future declined to name Salt Storm’s latest victims, but said they include a U.S.-based affiliate of a prominent U.K. telecommunications provider; a U.S. internet service provider; and telecommunications companies in Italy, South Africa and Thailand.
The hackers also carried out reconnaissance (the practice of covertly discovering and collecting information about a system) on multiple infrastructure assets operated by Myanmar-based telecommunications provider Mytel, according to Recorded Future.
To carry out these attacks, Salt Storm exploited two vulnerabilities (tracked as CVE-2023-20198 and CVE-2023-20273) to compromise unpatched Cisco devices running Cisco IOS XE software. The hacking group has attempted to compromise more than 1,000 Cisco devices globally, focusing particularly on devices associated with telecommunications providers’ networks, Recorded Future said.
Recorded Future said it had also observed Salt Storm targeting devices associated with universities, including the College of California and Utah Tech. The researchers said the hacking group “probably targeted these universities to access research in areas related to telecommunications, engineering, and technology.”
The U.S. government has sanctioned companies linked to the group. In January, the U.S. Treasury Division, itself targeted by Chinese government hackers recently, said it had sanctioned a China-based cybersecurity company known as Sichuan Juxinhe Community Expertise, which it says is directly linked to Salt Storm.
Recorded Future’s researchers say that, despite this action, they expect Salt Storm to continue targeting telecommunications providers in the U.S. and elsewhere.