

China's 'Salt Typhoon' Hackers Continue to Breach Telecoms Despite US Sanctions (techcrunch.com)
"Security researchers say the Chinese government-linked hacking group, Salt Typhoon, is continuing to compromise telecommunications providers," reports TechCrunch, "despite the recent sanctions imposed by the U.S. government on the group."
TechRadar reports that the Chinese state-sponsored threat actor is "hitting not just American organizations, but also those from the UK, South Africa, and elsewhere around the world." The latest intrusions were spotted by cybersecurity researchers from Recorded Future, which said the group is targeting internet-exposed web interfaces of Cisco's IOS software that powers different routers and switches. These devices have known vulnerabilities that the threat actors are actively exploiting to gain initial access, root privileges, and more. More than 12,000 Cisco devices were found connected to the wider internet, and exposed to risk, Recorded Future further explained. However, Salt Typhoon is focusing on a "smaller subset" of telecoms and university networks.
"The hackers attempted to exploit vulnerabilities in at least 1,000 Cisco devices," reports NextGov, "allowing them to access higher-level privileges of the hardware and change their configuration settings to allow for persistent access to the networks they're connected on... Over half of the Cisco appliances targeted by Salt Typhoon were located in the U.S., South America and India, with the rest spread across more than 100 countries." Between December and January, the unit, widely known as Salt Typhoon, "possibly targeted" — based on devices that were accessed — offices in the University of California, Los Angeles, California State University, Loyola Marymount University and Utah Tech University, according to a report from cyber threat intelligence firm Recorded Future... The Cisco devices were mainly associated with telecommunications firms, but 13 of them were linked to the universities in the U.S. and some in other nations... "Often involved in cutting-edge research, universities are prime targets for Chinese state-sponsored threat activity groups to acquire valuable research data and intellectual property," said the report, led by the company's Insikt Group, which oversees its threat research.
The cyberspies also compromised Cisco platforms at a U.S.-based affiliate of a prominent United Kingdom telecom operator and a South African provider, both unnamed, the findings added. The hackers also "carried out a reconnaissance of multiple IP addresses" owned by Mytel, a telecom operator based in Myanmar...
"In 2023, Cisco published a security advisory disclosing multiple vulnerabilities in the web UI feature in Cisco IOS XE software," a Cisco spokesperson said in a statement. "We continue to strongly urge customers to follow recommendations outlined in the advisory and upgrade to the available fixed software release."
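As an added defender's example (it is not part of the TechCrunch, TechRadar, NextGov or Recorded Future reporting, and it is not Cisco's code), the script below shows the kind of inventory check that the advisory-driven remediation described above implies: for every device it compares the running IOS XE release against a minimum fixed release and flags any device whose running configuration still has the HTTP/HTTPS web UI server enabled (`ip http server` / `ip http secure-server`). The hostnames, version strings, configuration excerpts and the baseline release `17.9.4` are all constructed placeholders; the real fixed release for a given platform must be taken from the Cisco advisory, not from this example.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample inventory for this example. Hostnames, release strings and
# configuration excerpts are made up; none of them come from the article or
# from the Recorded Future report. In practice this dict would be filled from
# "show version" and "show running-config" output collected by your own tooling.
SAMPLE_INVENTORY: Dict[str, Dict[str, str]] = {
    "core-rtr-01": {
        "version": "17.6.3",
        "config": "hostname core-rtr-01\nip http server\nip http secure-server\n",
    },
    "edge-rtr-02": {
        "version": "17.9.4a",
        "config": "hostname edge-rtr-02\nno ip http server\nno ip http secure-server\n",
    },
    "campus-sw-03": {
        "version": "17.9.4a",
        "config": "hostname campus-sw-03\nno ip http server\nip http secure-server\n",
    },
    "lab-rtr-04": {
        "version": "16.12.4",
        "config": "hostname lab-rtr-04\nno ip http server\nno ip http secure-server\n",
    },
}

# IOS XE releases look like 17.9.4 or 17.9.4a (optional rebuild letter).
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)([a-z]?)$")


def parse_version(text: str) -> Tuple[int, int, int, str]:
    """Turn a release string such as '17.9.4a' into a tuple that sorts correctly.

    Numeric parts compare as integers; the trailing rebuild letter compares as a
    string, so 17.9.4a sorts after 17.9.4 and 17.10.1 sorts after 17.9.4.
    """
    match = _VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised IOS XE release string: {text!r}")
    major, minor, patch, letter = match.groups()
    return int(major), int(minor), int(patch), letter


def web_ui_enabled(config: str) -> bool:
    """Return True if the running config leaves the web UI server feature on.

    'ip http server' or 'ip http secure-server' enables it; the 'no ...' forms
    disable it and therefore do not match the exact-line comparison below.
    """
    for line in config.splitlines():
        if line.strip() in ("ip http server", "ip http secure-server"):
            return True
    return False


def assess(inventory: Dict[str, Dict[str, str]], baseline: str) -> Dict[str, List[str]]:
    """Return {hostname: [reasons]} for every device that needs attention.

    A device is reported if its release is older than `baseline` (a placeholder
    here; use the fixed release named in the vendor advisory) or if the web UI
    server is still enabled in its configuration.
    """
    floor = parse_version(baseline)
    findings: Dict[str, List[str]] = {}
    for host, info in inventory.items():
        reasons: List[str] = []
        if parse_version(info["version"]) < floor:
            reasons.append(f"running {info['version']}, below baseline {baseline}")
        if web_ui_enabled(info["config"]):
            reasons.append("web UI server (ip http server / secure-server) still enabled")
        if reasons:
            findings[host] = reasons
    return findings


if __name__ == "__main__":
    # "17.9.4" is a placeholder baseline for the demo, not a value from the advisory.
    for host, reasons in sorted(assess(SAMPLE_INVENTORY, "17.9.4").items()):
        print(host)
        for reason in reasons:
            print("  -", reason)
```

Run against the constructed inventory, the script reports three of the four devices: one for both an old release and an enabled web UI, one for the enabled web UI alone, and one for the old release alone. The exact-line match deliberately treats a device with the HTTPS server enabled as exposed even when the plain HTTP server is off, since it is the web UI feature itself, not the transport, that the advisory concerns.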
A story about lax security practices (Score:2)
The exploit has been fixed since 2023 if I'm reading it right. But it requires the network devices be individually updated and this step isn't happening I presume.
Re:A story about lax security practices (Score:5, Informative)
I'm sorry... if you're a telecom and you can't patch your hardware, you have no business providing the backbone for critical infrastructure.
And yup... you did read that right... there was an advisory back in 2023, and patches rolled out. I know it takes time to patch and a few minutes of downtime as things reboot... BUT... they had 2 fucken years to solve this shit and at this point, their ineptitude is leading to national security issues and geopolitical consequences.
Put in a clause in any governmental contract requiring a full accounting with 3rd party verification of basic fundamental operating practices.
Worked at an MSP with ~75 mid-sized clients, hundreds of switches from various vendors... a small team of 2 was responsible for patching the hardware to latest general release and critical patches.... they managed to get all devices updated at least 2-3x per year... with full domain admin + hardware admin credential rotation at least once every 9 months. This was done manually... you can automate this.. there are literally tools for this exact scenario.
The telcos don't have the resources to do a fraction of this once in 2 years? There is no excuse.
Re:A story about lax security practices (Score:5, Insightful)
I'm sorry... if you're a telecom and you can't patch your hardware, you have no business providing the backbone for critical infrastructure.
While I agree, we have one major airplane manufacturer that has forgotten how to install bolts, a major OS maker cannot fix its own broken patches, most "security" software being massively insecure, etc. The problem is nothing happens to the cretins in charge when they mess it up. At worst they get a golden parachute.
A story about faith (Score:2)
We should let the free market sort it out. I'm going to vote with my dollars and only use telecoms that are hacker proof. Simple, now all these other telecoms are incentivized to focus on security and will quickly respond by hardening their networks and shoring up their internal security policies.
The old me would have placed the burden on the Federal government to regulate these things. But the last few weeks should be clear that the Federal government doesn't intend on doing anything about anything anymore
Re: (Score:3)
the last few weeks have shown how dysfunctional the government can actually get... people love to complain about how inefficient it is... but it did get things done... now... all bets are off.
I used to believe in the free market... when it failed, the hand of the government would step in to fix things... but now.. the people that run the "free market" run the government... so there is no more market or regulatory force to actually correct things... there is no cost or risk for them and their screw ups...
the
Re: A story about faith (Score:2)
this is how we will soon be just like Russia. It looks OK from the outside but inside it is actually held together with bubblegum and scotch tape.
everything else will be stolen and stripped out
Re: (Score:3)
Probably too busy ripping out Huawei gear and replacing it with insecure Cisco crap to get the patching done.
Re: (Score:2)
That makes this all especially hilarious.
Re: (Score:2)
yes... because while the government of China is hacking your telecommunications infrastructure, it makes MORE FUCKEN SENSE TO BUY SAID INFRASTRUCTURE FROM THEM DIRECTLY?
What fucked up logic is that?
Re: (Score:2)
Maybe they are playing 4D chess and wanted you to install Cisco gear because it's easy for them to hack, while they keep Huawei stuff nice and secure for their domestic market.
Re: (Score:2)
"... is continuing to compromise telecommunications providers, despite the recent sanctions imposed by the U.S. government on the group".
Shouldn't the sanctions have stopped and eradicated them? I am just thinking loudly, based on what the article makes it sound like.
Correction (Score:2)
"Capitalism provides ..." resulted in better back-doors for black-hats to exploit.
Re: (Score:2)
You say that as if anything else would do better.
Re: (Score:3)
Look at other engineering disciplines: Regulation, liability, test-standards and qualification requirements are doing quite well. The problem with IT is unfettered greed. High time to put some fetters on. Of course, this will make some super-rich assholes a bit less rich, so capitalism makes sure it will happen as late as possible and probably later.
Re: (Score:3)
Powerful people use their power to avoid accountability, ensure that their power cannot be taken away, and acquire more power. This is a universal truth, regardless of economic model. It is not something that is somehow unique to capitalism.
Also, all economies need regulation, including ones based on capitalism.
Re: (Score:2)
Sure, but capitalism serves as an accelerator of the problem.
Re: (Score:2)
>"Sure, but capitalism serves as an accelerator of the problem."
And non-capitalism serves as an accelerator of far more problems. Like innovation, incentive to improve, customer responsiveness, speed, accountability, cost control, etc. You find very little of those in government-run organizations (or monopolies).
Re: Correction (Score:2)
Monopolies are non-capitalism? Then the home country of Cisco has non-capitalism.
I wonder which country has capitalism. Maybe capitalism is an Utopic thing like communism?
Re: (Score:1)
>"Monopolies are non-capitalism?"
I didn't say that. In a perfect capitalist environment, where consumers and producers have all information and understanding of the information, monopolies would not exist. Or if they did, they still wouldn't act like monopolies (they would set prices and offer services as if competition were inevitable). But in reality, consumers and producers do not have all information or understanding, and so monopolies will form and will often act badly (setting unfair prices, pric
Re: Correction (Score:4, Insightful)
Maybe capitalism is an Utopic thing like communism?
No maybe about it. That's it exactly.
I have a real problem with Maximal capitalists that want to let things degenerate to a point where industries or even individual businesses are big enough to steer governments. That's just swapping a constitutional republic for a corporate oligarchy.
And once you have an oligarchy they always slit the throat of free market capitalism. Capitalism as an economic system is very bad at being a system of government, because of its inability to regulate itself.
What I believe people actually want is for there to be free enterprise. The ability for any number of players to enter an industry and compete on even footing. With the advantages that an established business has being balanced against the advantages of a startup being free from preconceptions and generally more agile.
Sometimes that Utopia exists if we look through a very narrow lens for a very brief amount of time.
With a wide view, we tend to just see a pattern of minimal effort for maximum profits. That minimal effort usually involves exploiting someone's labor in order to quickly grow the business. I mean ideally a business would want to operate on zero costs and 100% profit. But exploiting material resources is harder than exploiting labor because stealing property from someone powerful enough to own property is considered theft.
There's a middle ground to all this of course. But that's boring. Nobody is going to get excited about western welfare capitalism or social democracies. (except to call them dirty Reds)
Re: (Score:2)
And there you fell right into the trap. Nice.
But...but... (Score:2)
We thought that sanctioning them would keep them from hacking us!
Swiper no swiping!
Re: (Score:2)
Well obviously because hackers always play by the rules. Right?
Re: (Score:2)
Sanctions: We have drawn a line in the sand. Cross it and we shall draw another.
competition unwanted (Score:3)
Corporates do not like competition. The USA (sort of a corporate muscle) wants to keep its monopoly on spying on the world's telecommunication, and the competition (e.g. the Chinese) want a piece of the pie too ... while the customers (citizens) remain defenseless victims of whoever spies on them (I don't care whether it is the USA or the Chinese, I don't want anybody to spy on my communication)
Re: (Score:3)
Citizens do not care, due to abject stupidity. Requiring and using end-to-end encryption is not hard. But do you see regular citizens calling for it? Regular citizens are victims and they are victims because they make themselves victims.
Re: (Score:2)
>"Citizens do not care"
They care, but only after the fact.
>"due to abject stupidity."
I wouldn't say that. I would say mostly due to ignorance and being busy with their own life. Stupidity is in there, for sure, but it isn't fair to blame it primarily on that.
>"Requiring and using end-to-end encryption is not hard. But do you see regular citizens calling for it? Regular citizens are victims and they are victims because they make themselves victims."
That last sentence I certainly agree with. We h
Re: (Score:2)
>"Citizens do not care"
They care, but only after the fact.
>"due to abject stupidity."
I wouldn't say that. I would say mostly due to ignorance and being busy with their own life. Stupidity is in there, for sure, but it isn't fair to blame it primarily on that.
Hmm. Let me specify a bit more where I see the stupidity. The problem is that most people do not see the possibility of secret communication as a core ingredient of a working democracy and as critical to maintaining individual freedoms. All the spying in Stalinism, the 3rd Reich, the GDR and many other places clearly shows it is. Hence not putting any priority on it is stupid. Ok, may also be lack of education, but certainly not only.
You have a problem or bad outcome? It can't POSSIBLY be your own fault- your own choices/mistakes/decisions/culture/attitude/values or your own lack of motivation/education/vision/whatever. Has to be some bogey-man "-ism".
Yep. And that means people that do this will never learn. Obviously, blaming the individual
Salt Typhoon, performing a public service (Score:4, Informative)
Re: (Score:2)
They are definitely performing a public service. But only to those agile enough to change their ways. Cisco is not among them, and available evidence suggests the US telecoms are not either.
Let them choke (Score:2)
Why not set up whole networks full of fake or useless files that they can also pull down, which will take them forever to sift through to find the real data?
Re: (Score:2)
And how is the telecom going to distinguish good and bad files? Right...
Re: (Score:2)
Spitballing here, but put JamesP in a JamesP directory but there's no FrankD working there, so put a trove of fake files under the FrankD directory?
Run scripts to edit, move, copy them around...
What are "sanctions" going to do? (Score:2)
Security at US telecoms sucks and has been backdoored by incompetent assholes on top of that. Of course, the Chinese will continue to break in.
Obligatory (Score:4, Funny)
Re: (Score:2, Insightful)
You mean if intelligence agencies didn't require a government mandated vulnerability.
Sanctions? (Score:1)
How can you sanction China when the agencies responsible to apply these sanctions were gutted by DOGE.
Is DOGE even a legitimate department?
Sanctions? Bah that's so last season (Score:2)
sanctions (Score:2)
How are sanctions going to hurt a group sponsored by a powerful and wealthy country?